ConfigServer Community Forum

Hi,

I have CSF installed on some openVZ virtual machines. The problem I have is that some connections to the server are blocked on ports that are allowed :

config :
TCP_IN = 20,21,22,25,53,80,110,143,443,465,587,993,995,4949
TCP_OUT = 20,21,22,25,53,80,110,113,443,465,587,3306,4949,11371
UDP_IN = 20,21,53
UDP_OUT = 20,21,53,113,123

With these ports allowed I don't understand why these...

Can you tell me how to suppress the warning message for the current root compromise in lib64
we are aware of the issue and are working on it
i tried every format i could think of in the ignore files with no luck

I do appreciate your systems and the warning but a y our aware some time need to suppress odd message while working on it
until its repaired i want to suppress sit.

Just a heads up, I've been getting Unable to connect to for both the firewall and MSFE for the past 10-15 minutes.

Currently my csf.dirwatch file is empty (which is the default). I would like to add some things to it, but I noticed that I already get alerts like this:

============

lfd on example.com: System Integrity checking detected a modified system file

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an...

My server very rarely sees any dodgy attempts to access it and has been this way for over 6 months since I set it up.

I am a total newbie to all of this so please go easy on me and avoid too much jargon :D

In the last 48 hours though it's seeing a lot more - and I notice something common to them all, despite them being from all over the world, and trying different ports / accounts.

Here is an...

Hello,

We have CSF/LFD installed on several servers and I love it. When it updates itself, we regularely receive Emails alerting about checksum changes:
/usr/sbin/csf: FAILED
/usr/sbin/lfd: FAILED
/etc/init.d/csf: FAILED
/etc/init.d/lfd: FAILED

I added these to csf.fignore but still receive the emails. Is it possible for CSF/LFD to ignore itself and not send emails when it updates?

kind...

I can't get CSF 5.76 to start on a VPS.

I note that running /etc/csf/csftest.pl gives the output:

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED - Required for CONNLIMIT feature
Testing...

I run CSF on an OpenVZ VPS which automatically updated to the latest version (5.76) about an hour ago. Before the update there were no problems at all, but since the update I now get an error although all required modules are enabled. I've disabled automatic updates for my other VPS's and servers as I think this might be a bug.

Error: Error processing command for line (10 times): , at line 1114...

As per subject, last update v5.77 (even v5.76) only allow whitelisted ip in csf.allow to contact the server. I got this issue on 2 servers running plesk and a custom kernel from ovh.

Hope someone can provide further support about this issue.

Regards in advance.

Hi all,

Does any one know why csf reports this Blocking 2001:1be8:3f03:0480:0000:0000:0002:02f3...

deny failed: is one of this servers addresses!

As that im sure that this ip is not used ont this server the ipv6 address on this server that is uses is 2001:1be8:3f03:0480:0000:0000:0002:0213

It looks like it wont block it becouse it is in the same range strangly enough with ipv4 you can for...

Hi,

All our webhosting servers have automatically updated to version 5.75.
Each time a user/customer have been blocked we cannot see the reason in the GUI in plugin in cpanel.
We have to manually restart the csf Restart the csf iptables firewall to get it removed.

No other way to get it removed.
Any one else have the same problem?
Will this be fixed in new release? :)

Hello,
I should be able to disable contract in csf as I do?

How do I get an attack synflood and this module is enabled, the server crashes, disabling csf works.

I need LFD always active.

Hello,

It looks like CSF firewall is not blocking IP blocks (CIDR ranges) properly.

For instance, I had setup the following rules manually:

csf.deny
208.86.196.0/22 # do not delete Manually denied - Mon Oct 15 17:17:39 2012
208.93.4.0/22 # do not delete Manually denied - Mon Oct 15 17:20:03 2012
178.137.80.0/20 # do not delete Manually denied - Mon Oct 15 17:26:50 2012

But some IP address...

Intel PI 5 w/ 4G of Ram
###############################################################################
# Copyright 2006-2010, Way to the Web Limited
# URL:
# Email: sales@waytotheweb.com
###############################################################################

# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be...

I'm new to my VPS that I've got signed up for and I'm loving it so far. I also like the firewall and how configurable it is and how easy it really is to manage via the interface. There are some small issues that is happening. Some IP addresses are getting temporarily blocked and I'll receive an email letting me know this. I will eventually get around to checking the settings and/or inputting a...

Hi,

just have a question if it is possible to CC_ALLOW_FILTER on specific port like allowing destination port 20/21 only to CA/US
so all other countries can still access to web pages etc... but stop attacking FTP access.

Thanks.

Hi folks,
I recently had my datacenter update WHM/Cpanel to 11.36X and I've been getting flooded with hundreds of emails a day now indicating Suspicious processes and Excessive processes all related to webalizer for every account on my box.

My data center is suggesting trying increasing some of the process tracking directives for CSF.
I'm not understanding how updating Cpanel should require me...