ConfigServer Community Forum

Hello,
I am using whm with csf, csx, and i have zerotier on the server (www.zerotier.com).

From time to time, zerotier goes offline and cannot connect to its network.
To fix this, i stop csf, restart zerotier, it turns on, i turn back on csf. It works for a while.

I have enabled the ports in csf config.

What shall i try next to do?

Thank you

Hello

I have two related questions if you could answer, I would be very grateful;

1) I am using Mod security as well as CSV on my Apache Centos server. I have been getting some IPV6 attacks and mod security is adding them to the mod security block just fine - but how can I manually add the offending IPV6 address into CSF? For example this one: 2a03:6f00:1::5c35:601e - when I try to add it I get...

Hi

very new to configserver and trying to figure it al out.

Getting loads of these in my logs, how can i block them?? cannot seem to find anything?
Thank you

Apr 18 07:19:18 submission-login: Info: Client has quit the connection (auth failed, 1 attempts in 20 secs): user= , method=LOGIN, rip=46.148.40.92, lip=removed, session=

Hello ALL,

I use centreon to monitoring my servers.

centreon client use SSH to connect to my other servers every 5 min to check process running for exemple.
So I receive email every 5 min...

Account: customuser
Method: publickey authentication
Log line:
.. Accepted publickey for customuser from ... ssh2: ...

Is there any method disable emails for this specific user/ip source ?

Thank you for...

Hello

we have a strange issue on one server.

Customer have IP in allow list, but canno access to server.
IP is also not in any deny list.

If we disable csf customer can access without issue

Thanks for any help / suggest

Hello,

I have a VPS hosted by Hetzner, with Almalinux 8 and Webuzo control panel.

I disabled firewalld and I installed CSF via Webuzo.

I had many trouble to configure it.

In the Webuzo/Security/IP block list, I have many times these address blocked:
- 185.12.64.2
- 185.12.64.1
- 0.0.0.0

I doesn't affect the usage of my website, but I do not understand what is the reason.

These address are...

LFD sends emails without Message-ID which causes gmail to flag ethese emails as SPAM

Refer

And with ongoing emails being generated by ldf, the spam rate originating from domain/ip goes high and eventually makes a negative impact on the reputation of the ip and domain

This is definitely a critical bug and needs to be addressed
Kindly treat this as critical to be addressed on urgent priority

Hi,

on my cpanel/litespeed server.

i try to type wrong login at host:7080 many times,

but my ip still does not be blocked by csf,

is it normal ?

how can i let csf/lfd detect it and blcok the ip as ftp/cpanel login fail.

thanks

Hi, I have CSF monitoring one of my files, and it's not picking up non-standard log lines generated by LiteSpeed. I have a ton of these:

2023-04-07 10:44:40.487175 [ :39787-22#_AdminVHost:lsapi] Failed Login Attempt - username: admin ip: 185.220.100.253 url: https:// /login.php\n

By my understanding, I should just have to add the log file to (for example) CUSTOM3_LOG in csf.conf, and then write...

Hello,

We have a user getting the following emails from CSF:

Subject: RBL Check on REDACTED: failures
From:
Date: 02/04/2023, 00:00
To: REDACTED
Checked 185.XX.XX.XXX (PUBLIC) on Sun Apr 2 00:00:02 2023
cbl.abuseat.org Error: open resolver;
/pub/172.71.241.6
noptr.spamrats.com TIMEOUT
pbl.spamhaus.org Error: open resolver;
/pub/172.70.161.130
sbl.spamhaus.org Error: open resolver;...

Hello.

I hope everyone is safe and healthy.

Using CSF on Centos server.

Love it. Here is a conundrum.

This ASN is microsoft: ASN8075

When I insert that into the csf to block, it blocks it no problem but also doesn't allow me to send emails to subsribers in that range - keep getting DNS request timeout.

So is there a way to block an ASN inbound from the scanners and such, but allow outbound...

Hi all,

I've got the X country in CC_ALLOW and want to bypass all checks and more specific the imap/pop3.
At the time being if someone fail to login for a few times it blocks the IP. I want not to blocked/checked at all from this X country.
Is that possible?

The CC_DENY_PORTS setting should only block access to TCP and UDP IN, but it applies to OUT as well.

In the description in the conf file, it informs TCP_IN and induces to think that it will be only for IN(put)

# This option uses the same format as TCP_IN/UDP_IN. The ports listed should
# NOT be removed from TCP_IN/UDP_IN
#
# An example would be to list port 21 here then countries listed in
#...

Hello,

I hope everyone is well.

I have a need to block countries, but allow dns querries into the server from everywhere, including those countries I've blocked.

What is the simplest solution with CSF for this?

Thanks in advance for any help.

Every day we receive a message from RBL's checks informing us that no responses were received from some spam checklists.

The content of said message shows us several errors similar to this:

Error: open resolver;

The IP address at the end of the URL is an IP address that belongs to Cloudfliare.

This only happens with 2 of the 3 servers that I manage, in these 3 servers the RBL verification is...

Hello,

I recently enabled the ipsum blocklist (which seems to be updated regularly) inside csf.blocklists,
which for now seems to be working, but from what I understood, the ip lookup happens in the generated csf.block.blocklistname file inside /var/lib/csf folder.
So it happened that this file didn't update on a daily basis, but the public list on the web did, which makes the detection of bad...

Hello,

In installed it in 3 different directadmin servers and didn't work in any. I have used the usual process: I created the user, selected the options, restarted both services, etc.

Is still working? Do you know if works with Directadmin servers?

Thank you.

If RU is added to the CC_DENY, CSF won't start, with error message:
Error: FASTSTART: (CC_DENY IPv4) [] . Try restarting csf with FASTSTART disabled, at line 5781

Hello, it's possible to read the country code in a the customer regex?

In my case, I want to block xmlrpc attacks on all countries except spain.

Something like this will run?

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:GET|POST) and ($cc != ES) \/xmlrpc\.php.* /)) {
return ( xmlrpc attack ,$1, xmlrpc , 20 , 80,443 , 3600 );
}

Thanks!

I installed this VPN script on a CentOS 7 WHM system with CSF

While I am able to connect to the VPN successfully, I cannot connect to any website or service over the VPN until I execute this command via SSH
systemctl restart iptables

But if I execute above command, it ignores csf.deny IP addresses. So I go and restart the CSF and I'm back to the previous paragraph scenario.

Appreciate any...