Hi,
On 5 servers, csf has failed to update since version 6.15. Only just noticed this today so manually updated all to 6.20
Servers are on different networks and auto update set to 1
Note, the upgrade from 13 >15 did not show the error reported here
Im seeing a BUNCH of distributed FTP attacks - they started a few weeks ago - for a time I disabled FTP - then I renabled it and now they are back
They are attempting to login using ADMIN and USER accounts - which of course dont exist
They may be referring to default windows accounts not sure but they dont exist in cpanel linux servers
Im wondering if its possible to block IPs as soon as...
I have ConfigServer Security & Firewall installed on my WHM/cPanel server. It's great and really thwarts a lot of intrusion attempts as well as other security features.
Have one BIG problem however. For security I have SMTP_BLOCK enabled to stop spam out from malicious scripts (if any where ever installed). Under CSF configuration I have SMTP_ALLOWUSER set to the accounts that I always want to...
I upgraded to cP 11.38.0.16 on 6/14/13. Afterwards (on the same day) I updated all CSF scripts with: curl -s configserver.com/free/csupdate | perl as suggested in the log.
Last night (6/17/13) or early this morning MailScanner stopped running (which hasn't happened in a very long time). In going through the logs to investigate what caused it, I found these entries in...
What does this message in lfd.log mean? I see it on both nodes in a newly configured generic Linux server cluster. I don't see it on my cPanel server cluster, which also includes one generic Linux server. Is something misconfigured?
Nov 9 11:10:57 xxxxxxxx lfd : *WARNING* Cluster member xxx.xxx.xxx.xxx (xxxx.xxxxxx.xxx) talking nonsense
I've been trying to work out why cPanel backups (New and Legacy) are causing massive load spikes making my server unusable. So far, with the help of cPanel support, it's been narrowed down to lfd.
They installed a system snapshot script to monitor the services, I then reported at the moment the spikes were happening. They used this information to check which service has been causing the...
I have CSF on a cPanel server, and two times within the past two weeks I've received an email from the cPanel Service Monitor saying that LFD had stopped and had been restarted. I checked /var/log/lfd.log and found this:
Jun 16 14:46:21 gerald lfd : *SSH login* from X into the Y account using publickey authentication
Jun 16 15:16:27 gerald lfd : *SSH login* from X into the Y account...
Hello,
Whe are suffering from attacks / login atemps from perfect-privacy.com.
is there anyway to bock this domain..
the have serveral servers around the world so blocking by IP address is not a option.
There is no list availible of al the servers from this..
I want to move from fail 2 ban to csf and i use a regex to check var/log/freeswitch/debug.log for failed auth attempts
how would i translate that into a regex for csf?
\ sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \' +\' for \ from ip
\ sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \' +\' for \ from ip
I am having trouble with my CSF and denying whole countries.
I am trying to block the country of Chia.
I have the following line in my csf.conf file.
CC_DENY = CN,RU,VN,NG,RO,UA,IN
I have restarted my csf after I made changes.
I am still getting IP's from China getting to my server.
I have checked my server logs and there are IP's that start with 175.44, which are from China.
Hi guys, apologies if this is in the wrong section. But I've ran out of options on what to do with this specific problem. I've done the research, and I can't seem figure out what it is. Other people keep getting the MLSD error on the FTP side. I can connect perfectly (probably because cPanel/Server recognizes im the admin IP (idk))
Most of the posts with this error are on shared hosting. I have a dedicated server with this error.
When I run the IP Tables test from csf I get:
Testing iptables...
With our WHM VPS, we use a third party service for weekly backups. This process always triggers the following:
/usr/local/cpanel/3rdparty/perl/514/bin/perl
We receive a CSF alert for each and every account that gets backed up. Is it safe to ignore this Perl path in csf.pignore? If so, do I simply add a line for:
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum