ConfigServer Community Forum

Hi,

First my english is not so good.
My OS: CentOs Linux with DirectAdmin and installed the latest version of csf v6.06

My problem...

I have a magento webshop and a payment system for my dutch customers, like paypal.
The website of this payment system is rabobank dot nl, when a customer order a product they will redirect to betalen.rabobank dot nl
The IP of this rabobank dot nl is...

error: Failed dependencies:
sendmail = 8.14.4-8.el6 is needed by (installed) sendmail-cf-8.14.4-8.el6.noarch
W Exit Code: 254
***** FATAL: Test install failed: error: Failed dependencies:
sendmail = 8.14.4-8.el6 is needed by (installed) sendmail-cf-8.14.4-8.el6.noarch
The Administrator will be notified to review this output when this script completes
***** FATAL: Error testing if the RPMs...

I have a VPS server with the latest versions of cPanel and CSF. The VPS hosts a few websites for myself and some friends, not random strangers, so there's a higher level of trust with anyone who has access, so I don't really have to worry about any users doing stupid or dangerous things on the server, but I suppose there's always a chance one of them has a security hole in a script they're using....

Simple dont work...
I try lock my IP and test but i dont receive the message.
I cant access the message in port 8888.

Any idea?
My conf:

MESSENGER =1
MESSENGER_TEMP = 1
MESSENGER_PERM = 1
MESSENGER_USER = csf
MESSENGER_CHILDREN = 30
MESSENGER_HTML = 8888
MESSENGER_HTML_IN = 80,2082,2095
MESSENGER_TEXT = 8889
MESSENGER_TEXT_IN =21,22
MESSENGER_RATE = 30/m
MESSENGER_BURST = 5

I create the user...

Hi,

I have spent few hours until now trying to solve my problem but without success.
I'm not sure when, but I suppose it started since 12.3.2013.
My clients can't connect to FTP. If I disable csf everithing works fine.
I checked config and TCP_IN/TCP_OUT for IPv4
Open ports are: 20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,30000:35000
and I use...

I've seen some minor discussion about CloudFlare here on these forums, but haven't really seen any working solutions, especially for what I'm trying to do. Right now, I'm having two issues with the setup between CSF and CloudFlare.

The first issue is, we use csf.allow to whitelist for non-standard ports (WHM/cPanel, FTP, SSH, etc.), but with CloudFlare, we end up having to whitelist those IP's...

Should LFD be blocking DEFERRED LOGIN attempts in /usr/local/cpanel/logs/login_log ?

We recently had a situation where a large number of these entries were being logged and it was raising the server load on the server. However, LFD wasn't blocking them, and looking through the code, I don't guess it is suppose to.

Is this something was overlooked in LFD's development or is it not suppose to...

I am failing PCI because my database port is open. Thing is its not, its blocked by CSF. But in order for the PCI scans to run OK and do their checks I have to add them to the IP allow list. So THEY can see the port open, even though no one else can, and fail us!

So therefore I would like to know if its possible to keep them (and other IPs) in the allow list, but still block the database port...

LogScanner was emailing me every hour and I like to look over what it reports, but it was too many emails, so I edited the config file and set the option to daily .

Since then I have not received a single email from it.

Is this common?

Hi there,
I just installed csf and I use SSH dynamic port forwarding. I use obfuscated ssh ( com/obfuscated-openssh) for a secret handshake wich is in /opt/ob-openssh/sbin/sshd . I connect from my computer to my VPS (which csf in installed on) with:
$ ssh -D -z -Z -p
to make a socks connetion on my computer localhost: . but when I enable csf, no connection would be established. The browser will...

SPAMHAUS: Unable to retrieve spamhaus block list - Unable to download: Can't connect to www.spamhaus.org:80 (Connection timed out)

Is anyone able to reach Spamhaus? I noticed these entries in the hourly LFD reports. I'm not able to access the site even off server.

Is there a way (and if not, can it be added), to monitor the /var/log/messages file for denied/REFUSED dns queries
and block the IP addresses that hit a specific site more than so many times..?

Example:

Mar 14 11:09:47 HOSTNAME named : client 97.107.20.11#19420: query (cache) 'domainname.com/MX/IN' denied
Mar 14 11:09:47 HOSTNAME named : client 97.107.20.11#37657: query (cache)...

I use Pingdom to monitor my servers uptime across the globe. On occasion I see an IP from one of their locations get's banned for scanning the server. Normally one would just pop in the IP address that get's blocked in the ignore list and move on, but in this case they have hundreds of IPs across the world that ping the server. How can I automate this so the IPs they use get added to my ignore...

Hi,

I have setup csf on a number of servers with no issue. I have recently setup csf on a VPS and web access works fine along with email and cPanel/WHM access.

When i try to connect to an account via FTP an error message shows up after a few minutes. When i add my IP address to the allow list everything works fine.

I have probably done something wrong during setup but i have spent a few...

Seems that certain WordPress sites on our server are under some type of attack. Even password protecting the /wp-admin directory has no effect in their efforts. Here is a log snippet for just 3 seconds of activity:

74.50.26.15 - - GET /wp-admin/ HTTP/1.1 302 - - Mozilla/5.0 (compatible; bingbot/2.0; +
74.50.26.15 - - GET /wp-admin/ HTTP/1.1 302 - - Mozilla/5.0 (compatible; bingbot/2.0; +...

CSF report this error :

Can't use string ( _defheader.tmpl ) as a HASH ref while strict refs in use at /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/Template/Context.pm line 809.

i use linux centos 5.x + whm last version

what is the problem? how to solve it?

I am getting attacks via FTP but CFS doesn't seem to be blocking them or adding them to firewall block and I have to do it manually, when I see the hourly reports

they only seem to try 1 account at a time and ONLY 1 attempt at that account , but the same IP number tries numerous different accounts. I can't see any way in CFS settings to block IPs that attempt to log in to different accounts,...

Hi

I have been using CSF for several years on this server, but just today I an getting a lot of LFD failed errors, and this:
Software error:

Can't locate Net/LibIDN.pm in @INC (@INC contains: /usr/local/cpanel /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi...

Hi Guys, (and girls)

I am having this message emailed to me:
Suspicious process running under user sshd
/usr/sbin/sshd (deleted)

Command Line (often faked in exploits):

sshd: root

it also has a TCP connection to some ip address.

I am a bit concerned what this is or how to go about troubleshooting it further.
if i do netstat i can see some ssh connections saying established from unknown ip...

Hi i have a dedicated server CentOS 5,9 with WHM 11.36.0.11 and in the last update CSF v6.00 at 2 weeks agoo become a problem to me.

This server only have one site vbulletin forum , and after this upgrade my users say the site is extrem slow.

After a quick tests with a browser cleaned with no cache i can duplicate the problem, and the page sometimes takes 20 secounds to open and other times...