ConfigServer Community Forum

Is there anything I need to change/modify in CSF when changing SSH from port 22 to another port (ex. 55000)?

Hello All,

We have a server that blocks all connection at midnight everyday. We have the same configuration on about 50 severs without any issue. I tried to reinstall CSF, update kernel, iptables -F, etc. I did not find the answer.

Here the logs :

====================================================

Feb 27 00:00:02 lfd : TERM
Feb 27 00:00:02 lfd : daemon stopped
Feb 27 00:00:02 lfd : daemon...

Greetings.

As far as I understand, there are no plans to make csf version that tries to use ipset module if one available.

Aas far as I understand csf license, it doesn't allow deriving any other softwar eproducts.

If there are no plans to generate ipset-aware version of csf, is it possible to receive a permit to make derived work?

Thanks.

Actually the connectiontracking.txt file reports this information:

From: root
To: root
Subject: lfd on : blocked with too many connections

Time:
IP:
Connections:
Blocked:

Connections:

--------------

I like receive in this SAME email this other variables:

Time:
1 Min Load Avg:
5 Min Load Avg:
15 Min Load Avg:
Running/Total Processes:
--------------

--------------

How can i...

Hello,
I have in my csf.conf

LF_MODSEC = 0
LF_MODSEC_PERM = 0

LF_CXS = 0
LF_CXS_PERM = 0

But csf still banning by mod_security trigger:

103.31.186.82 # lfd: (mod_security) mod_security triggered by 103.31.186.82 (HK/Hong Kong/lh21178_voxility_net): 20 in the last 300 secs - Mon Feb 25 19:57:56 2013

root@ghost # csf -v
csf: v5.79 (cPanel)
root@ghost # cat /etc/*release*
CentOS...

For the past 3 years, we have had a setting in our csf.allow that has functioned just fine.
It's a connection to a specific IP and port for license validation.

On any server that has to connect to the license server, we have this:

tcp|out|d=15xx0|d=NNN.NN.NNN.NN # wcm license validation server out to port 15xx0 only

On the license validation server, we have this line:...

I turned on the built-in GUI. Left the port at 6666, which is the default. Restarted. Now when I try to acess
it says page isn't there. Is this the correct procedure?

Thanks

I have installed csf on my Xen virtual server that I manage with WHM/cPanel & am now trying to configure it to tighten up security. I tried enabling SMTP_BLOCK but when I do this CSF fails with the rather unhelpful error messages below. Any ideas how to fix this?

DROP tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:25
iptables: Unknown error 4294967295
ACCEPT tcp opt -- in * out *...

how can I stop LFD sending me alerts from mailman ONLY about numbers of emails relayed
I don't want to allow all local host, just in case something happenss or a spammer gets in
I run a fairly active mailing list on the server where we often get over 1000 posts a day & when they are sent to the 50 or so members, it can soon fill my inbox

All I want is a way to stop the alerts from mailman not...

Added new options CC_DENY_PORTS, CC_DENY_PORTS_TCP,
CC_DENY_PORTS_UDP. This feature denies access from the countries
listed in CC_DENY_PORTS to listed TCP/UDP ports. For example, using
this FTP access port 21 could be blocked to only the specified
countries

I just want to make sure I'm understanding this correctly?

If I wanted to block access to say port 22 to all countries apart from...

Hello!

I can't connect from one server to anothers using wget for example, but this only happends to ones, others work. I check and port 80 it's open both, in/out. Also, there are other services running normally in the server. I tried also stopping all but still the error, it's very rare, any help? Thanks.

Hello,

I use on two servers an almost identical configuration, however on one of them it recently started to have false pozitives somehow and 100+ of my visitors when they access the main page of one of the websites(an index.html page) gets banned and the message that appears to me is lfd on hostname: ip (provider) blocked for port scanning

Somehow it started to give false pozitives, the issue...

Hi,

If I login to the console and doing something and the firewall blocks someone I seem to get the alerts come up on the console.

Is there something I can do to stop these alerts appearing?

Thanks

Hi,

I would like to turn off the warning for the subject line. However I do not wish to turn off the warnings in general.

Thanks
Frank

Hi,

I have CSF installed on some openVZ virtual machines. The problem I have is that some connections to the server are blocked on ports that are allowed :

config :
TCP_IN = 20,21,22,25,53,80,110,143,443,465,587,993,995,4949
TCP_OUT = 20,21,22,25,53,80,110,113,443,465,587,3306,4949,11371
UDP_IN = 20,21,53
UDP_OUT = 20,21,53,113,123

With these ports allowed I don't understand why these...

Can you tell me how to suppress the warning message for the current root compromise in lib64
we are aware of the issue and are working on it
i tried every format i could think of in the ignore files with no luck

I do appreciate your systems and the warning but a y our aware some time need to suppress odd message while working on it
until its repaired i want to suppress sit.

Just a heads up, I've been getting Unable to connect to for both the firewall and MSFE for the past 10-15 minutes.

Currently my csf.dirwatch file is empty (which is the default). I would like to add some things to it, but I noticed that I already get alerts like this:

============

lfd on example.com: System Integrity checking detected a modified system file

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an...

My server very rarely sees any dodgy attempts to access it and has been this way for over 6 months since I set it up.

I am a total newbie to all of this so please go easy on me and avoid too much jargon :D

In the last 48 hours though it's seeing a lot more - and I notice something common to them all, despite them being from all over the world, and trying different ports / accounts.

Here is an...