ConfigServer Community Forum

Hello all, I have CSF v6.07 on a VPS and have been receiving suspicious process emails pertaining to one of my websites. I can't figure out if there's a good way to whitelist these, the following details having been changed slightly to protect the innocent:

---------Begin Email---------

lfd on #host#.com: Suspicious process running under user #user#

Command Line (often faked in exploits):...

Hello

We have a problem with dumb users from a web agency and they always block their ips with wrong usernames or with conection limit. I tried many ways increasing limits but no luck with those guys...

I was wondering a way to disable CSF auto blocking and just use csf as primary iptables ruler, to just block ports and allow some ips for full access to the server. In other words, I dont want...

Hi all,

Does any one know if csf firewall changes the file rights of wp-config.php to 600 or does some thing with file rights ??

For a period now we notice that on 1 server the wp-config.php file rights get changed to 600 and we are unsure on how it happens csf is the only scanner we have running next to the control panel (Direct admin) .

Our /var/log/messages is full of entries like this:

Sep 22 04:52:05 apogee named : client 62.6.40.178#48758: view external: query (cache) 'homefarmland.com/MX/IN' denied
Sep 22 04:52:06 apogee named : client 24.197.239.154#52579: view external: query (cache) 'homefarmland.com/MX/IN' denied
Sep 22 04:52:07 apogee named : client 74.125.181.25#65069: view external: query (cache)...

The CSF control panel page in WHM on my server is just empty after cPanel upgrade (11.32.2.15) last night.

I would like to know if I turn on Distributed SMTP Logins , but I have 3 IP addresses already whitelisted in the lfd.ignore area, if it gets triggered, would it ignore the whitelisted IP's for this check?

I just want to make sure before I turn it on.

After upgrading to WHM 11.36, I'm getting email alerts regarding excessive resource usage with Squirrelmail, for example:

Resource: Virtual Memory Size
Exceeded: 231 > 200 (MB)
Executable: /usr/local/cpanel/3rdparty/php/53/bin/php-cgi
Command Line: /usr/local/cpanel/3rdparty/php/53/bin/php-cgi /usr/local/cpanel/base/3rdparty/squirrelmail/src/right_main.php

(in addition to right_main.php, we...

This morning I opened a ticket with our server provider because our server was down, and even though it would come back up after a reboot it would go down again within a few minutes. They claim this is because the server was under attack and running out of memory, I've provided their evidence below. I manually blocked the IP address in question in CSF immediately after rebooting the server again...

Getting the above on all configserver apps (since a recent whm/cpanel update)

ConfigServer Mail Manage
ConfigServer Mail Queues
ConfigServer Explorer
ConfigServer Security&Firewall
ConfigServer eXploit Scanner

cPanel 11.25.0-R42213 - WHM 11.25.0 - X 3.9

Hello, and thank you for building this tool that I completely love.

I've been experimenting with Port Knocking and it works perfectly, but just for opening one port server-wide.

Is there a way to define multiple ports to open or different sequences for different ports?

For example: I have a server that acts as a Webmin controller for other servers, and also as a SSH proxy to the same servers....

Hello,

i'm installing a script and it ask me to open port , just as in below :

Due to Facebook policy changing, you should open port 5222 on your Firewall to make Contact Importer work.

how can i do this please ?

wish you help me please kindly

thanks

Hi all,

I'm using a global deny list from Stop Forum Spam and am keen to use their Last 30 days list that is just under 129,000 IP's (quite a beast).

It would provide a good level of protection for me, but am I safe keeping my actual max deny IPs set to the last 100 (default) but having a hard coded list this large? Or will a list this large cause issues. I'm loading it from a .txt file every...

I'm getting this error message back from lfd.

SPAMHAUS: Unable to retrieve spamhaus block list - Unable to download: Bad Gateway

Is anyone getting the same message? If so, what to do about it ?

Thanks.

Pete

Please guide me how to close one or more ports of server by CSF?

Thanks.

How to make CSF react on additional lines in my secure log, such as:

Mar 19 13:28:49 host webmin : Invalid login as user1 from 1.1.1.100
Mar 19 13:34:12 host webmin : Non-existent login as test from 1.1.1.100

How could I block those who failed logging in to Webmin for more than 3 times?

Mar 19 13:35:11 host webmin : Successful login as root from 1.1.1.100
How to send an alert email for...

I am using a very minimal Debian Squeeze server. I don't have a mail server installed.

I've already installed sSMTP (wiki . debian . org/sSMTP) and was able to properly configure Gmail as the SMTP server.

My question is how can I use this so that CSF will use sSMTP when sending email alerts?

Hello, I am using command line only without cpanel.

My config says TESTING = 0 and i've restarted using: service lfd restart and csf -r but the last line says *WARNING* TESTING mode is enabled - do not forget to disable it in the configuration

Is this normal?

I'm using csf: v6.02 (generic) on Debian Squeeze

I just installed csf in my cpanel server. I got this error message while starting service. (I didn't modify any file)

Error: Error processing command for line (10 times): , at line 515

Also getting the following alert all the time

lfd failed @ Wed Nov 28 11:29:26 2012. A restart was attempted automagically.

I failed to start csf and lfd.

Please help me to resolve the problem.

We are running shoutcast server on a server.
Yesterday we moved this server, change nameservers etc. all is working fine except I keep getting messages about shoutcast like this:
Time: Fri Mar 22 14:16:52 2013 +0100
PID: 4379 (Parent PID:4379)
Account: admin
Uptime: 43310 seconds

Executable:

/home/admin/domains/mydomain.nl/public_html/shout/sc_serv

Command Line (often faked in exploits):...

Hi CSF,

I seemed to have lost SSH access to my server. My environment is CentOS 6.4 64-bit, DirectAdmin and ConfigServer Firewall. I have the SSH access port set to something non-standard. Every time I try to connect I receive the following error from kitty:

Server unexpectedly closed network connection

After the latest CSF update, it no longer wants to work. I checked the firewall settings...