Hi there, we have a cPanel server which is doing both mail and web hosting. We're finding that periodically Yahoo and Google mail servers are getting blocked, which stops exim delivering mail to those servers, leading to it getting held up in the queue. Here's an example block of a google server (1e100 net) from this morning:
Hello,
I've a curious problem (CSF 6.35, cPanel 11.38.2.7):
I can see blocked IP and rules in the mod security page of WHM, and I can see rules and IP with ConfigServer ModSec Control (ModSecurity Log with last 20 entries).
So, my system works. Now, I've installed CSF, and these are my settings:
LF_MODSEC = 2
LF_MODSEC_PERM = 1800
MODSEC_LOG = /usr/local/apache/logs/modsec_audit.log (restricted UI...
Hello,
Brand new to CSF and really enjoy its features. I am running CentOS 5.9 with DirectAdmin and would like to know where I can enable and configure the Block IP features to operate in the Brute Force Monitor section. In advance I thank you for your response.
B -
I can manually open a connection to my SMTP Server over Port 465 from the command prompt, which tells me iptables is allowing outbound connections properly.
# iptables -L | grep -i smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
However, a script fails to connect to my SMTP server (SMTP using...
I keep getting this error in logs today
Unable to retrieve blocklist DSHIELD - Unable to download: 599 - Net::SSLeay 1.49 must be installed for https support
I have Net::SSLeay 1.55 and I don't intend to downgrade. Have you any idea what is wrong?
First of all thank you for creating this great security suite.
I believe LF_CPANEL isn't working properly for me, I've set it to a low value (3) but cPHulk is still registering login failures past 3 failed attempts per IP.
In Watch System Logs I can see blocks made by LF_FTPD, LF_MODSEC and LF_SSHD but none by LF_CPANEL.
I am running an Asterisk system with the SIP port open to the internet. I would like csf to block SIP brute force. I have spent many hours searching and testing but my custom regex doesn't do anything. I don't see anything logged from my custom script in lfd.log and my ip is not being blocked.
I have setup a modsec script to help protect my wp-login.php file. Essentially the script that I've found will block access for the offending IP address for 5 minutes upon 10 failed login attempts over a 3 minute duration.
I'd like to utilize the LF_MODSEC portion of CSF to add them to the iptables firewall so that they're blocked right at the front door.
However, you can also set up a cluster such that some members only provide
notifications to others and do not accept blocks from others. For example, you
may have a cluster of servers that includes one that hosts a support desk that
you do not want to block clients from accessing. In such an example you might
want to exclude the support desk server from...
Found several attempts from an IP address in Russia that is attempting a brute force attack
on a site's wp-login.php script. I see every few seconds an attempt in the user's domlogs file.
This causes the server's load to increase, and as soon as I block the IP, the load comes down.
/usr/local/apache/domlogs/USERNAME/domainname.tld
Can lfd monitor these logs as well, and block IPs that hit...
The CSF works after installing and activating the CSF. Test IPtables shows that everything is ok. All configuration is in default mode.
I tried to block an IP from the main screen with Quick Deny, server became inaccessible. I can't connect with putty, webmin, and all websites are down.
I can only connect through the console access provided by the hosting company, and if I disable the CSF and...
Yesterday I re-ran EasyApache (version 3.22.5) on my cPanel / WHM server and since that time I have been getting 10-15 of these messages every hour or so:
Email subject line is:
lfd on : Suspicious process running under user
Me being my username, it's not nobody
Executable:
(deleted)/usr/bin/php
The file system shows this process is running an executable file that has been deleted. This...