I am failing PCI because my database port is open. Thing is it's not, it's blocked by CSF. But in order for the PCI scans to run OK and do their checks I have to add them to the IP allow list. So THEY can see the port open, even though no one else can, and fail us!
So therefore I would like to know if it's possible to keep them (and other IPs) in the allow list, but still block the database port...
LogScanner was emailing me every hour and I like to look over what it reports, but it was too many emails, so I edited the config file and set the option to daily.
Since then I have not received a single email from it.
Hi there,
I just installed csf and I use SSH dynamic port forwarding. I use obfuscated ssh ( com/obfuscated-openssh) for a secret handshake which is in /opt/ob-openssh/sbin/sshd. I connect from my computer to my VPS (which csf is installed on) with:
$ ssh -D -z -Z -p
to make a socks connection on my computer localhost: . But when I enable csf, no connection would be established. The browser will...
Is there a way (and if not, can it be added), to monitor the /var/log/messages file for denied/REFUSED dns queries
and block the IP addresses that hit a specific site more than so many times..?
Example:
Mar 14 11:09:47 HOSTNAME named : client 97.107.20.11#19420: query (cache) 'domainname.com/MX/IN' denied
Mar 14 11:09:47 HOSTNAME named : client 97.107.20.11#37657: query (cache)...
I use Pingdom to monitor my servers' uptime across the globe. On occasion I see an IP from one of their locations gets banned for scanning the server. Normally one would just pop in the IP address that gets blocked in the ignore list and move on, but in this case they have hundreds of IPs across the world that ping the server. How can I automate this so the IPs they use get added to my ignore...
I have set up csf on a number of servers with no issue. I have recently set up csf on a VPS and web access works fine along with email and cPanel/WHM access.
When I try to connect to an account via FTP an error message shows up after a few minutes. When I add my IP address to the allow list everything works fine.
I have probably done something wrong during setup but I have spent a few...
Seems that certain WordPress sites on our server are under some type of attack. Even password protecting the /wp-admin directory has no effect in their efforts. Here is a log snippet for just 3 seconds of activity:
Can't use string ( _defheader.tmpl ) as a HASH ref while strict refs in use at /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/Template/Context.pm line 809.
I am getting attacks via FTP but CSF doesn't seem to be blocking them or adding them to the firewall block and I have to do it manually when I see the hourly reports.
They only seem to try 1 account at a time and ONLY 1 attempt at that account, but the same IP number tries numerous different accounts. I can't see any way in CSF settings to block IPs that attempt to log in to different accounts,...
I am having this message emailed to me:
Suspicious process running under user sshd
/usr/sbin/sshd (deleted)
Command Line (often faked in exploits):
sshd: root
It also has a TCP connection to some IP address.
I am a bit concerned what this is or how to go about troubleshooting it further.
If I do netstat I can see some ssh connections saying established from unknown IP...
Hi, I have a dedicated server CentOS 5,9 with WHM 11.36.0.11 and the last update, CSF v6.00, 2 weeks ago became a problem for me.
This server only has one site, a vbulletin forum, and after this upgrade my users say the site is extremely slow.
After a quick test with a clean browser with no cache I can duplicate the problem, and the page sometimes takes 20 seconds to open and other times...
For the last 24 hours I have been getting pummeled from 1000's of IPs all targeting the same URI attempting a SQL injection exploit. I have atomic mod_security rules in place which are working fine and successfully blocking all the attempts. Of course I want these IPs blocked, but obviously useless. I have CSF installed and as a result of the number of max IPs allowed in iptables, my table is...
First of all thanks a lot for this wonderful product.
I am having an issue on a server where I have memcached running for a VBulletin forum. I have put an entry for the memcached process in the csf.pignore file but I think it has nothing to do with the alerts I am getting relating to memcached TCP connections
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php...
I am having a hard time figuring out what ports are being scanned. The below block is in fact from a hosting client and the temp blocks stop him from downloading mail.
Can someone please let me know what blocks are being scanned below so I can help the client to resolve this.