ConfigServer Community Forum

hello
I've installed Direct Admin on my server and I need to install CSF on it but it's not possible
--------------------------------
Checking Perl modules...
Can't locate LWP/UserAgent.pm in @INC (@INC contains: /etc/csf /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 22) line 2.
BEGIN...

Hi all. I've been working in mitigating the attacks I'm suffering in my server and now I have a question.
Is it possible to block IP ranges (IP blocks) when lets say 4 or more IPs from that block are already banned?
Here is a small capture of the traffic on port 80 during the last attack:

om/m1oly.png ( remove the space, sorry I can't post links )

(there is no filter in the capture, only port...

Hi,

I can not update anything having to do with access to the Redhat network with CSF running. I have two switch off CSF just to update PHP, etc.

The following command at shell times out after several minutes with CSF running:

time yum list updates

The output eventually reads:

There was an error communicating with RHN.
RHN Satellite or RHN Classic support will be disabled.
Unable to connect...

Hello,

I have a dedicated cpanel server at a colo here in Virginia. We have 1 client who has employees who connect to virtual desktops on a Citrix VM. While working on their virtual desktops they cannot see any websites we host; traceroutes show them traffic stopping one hop before our server.

We switched to CSF from APF a few months ago. I have this clients Citrix ip range (an entire /24)...

Hi there -

My servers are setup to only allow ssh by root. These alerts work fine with actual root logins but I've also gotten a couple of alerts with no evidence of an actual ssh/root login -

lfd on server.servername.com​: SSH login alert for user root from 62.212.154​.143 (NL/Nether​lands/www.​digiinfo.n​l)

When I parse /var/log/secure for this IP, there are no log entries. When I parse...

Hi,

I have a customer who's IPs are continually being blocked (he appears to have extremely frequently changing dynamic IPs!)

Is there a way I can find out more about what is causing the block? When I go to csf.deny is just says too many temp blocks :(

Thanks!

Hello,

I'm trying to configure LFD to send me an e-mail only when root logs in via SSH. I have LF_SSH_EMAIL_ALERT=1 and I get e-mails on every login to SSH, which I don't really need, especially since FTP is disabled and I require all users to use SFTP so I don't need an e-mail everytime they FTP in to upload files. So I just want alerts on root login, is there any way for me to configure this?...

Hello, good afternoon all ;)

If possible change time temp ban in csf firewall ?

I did not find anything about it.

Someone can help me and tell me if you can and if you ... how to do?

Thanks for support and assistance.

Best Regards,
Maelstrom

Hello all,

I am seeing many failed entry attempts in my mainlog for exim. Here is a snippet from that log file:

2011-09-18 16:48:22 login authenticator failed for 200-161-109-106.dsl.xxx.xxx.xx (ieikedh dot com) : 535 Incorrect authentication data (set_id=1234)
2011-09-18 16:48:24 login authenticator failed for 200-161-109-106.dsl.xxx.xxx.xx (ieikedh dot com) : 535 Incorrect authentication...

Hi,

Looking at the following line, how do I know which email account caused the firewall block:

vps lfd : (smtpauth) Failed SMTP AUTH login from 196.214.185.114 (ZA/South Africa/dc1.mesure.co.za): 5 in the last 300 secs - *Blocked in csf*

Got a weird problem. Running Centos 6.3, cpanel, csf. The server isn't receiving email. It sends fine.

csf configuration shows port 25 inbound/outbound open.

From two other servers I tried to telnet in to the server and the connection is refused ( telnet xx.xx.xx.xx 25 )

It is refused whether csf is enabled or disabled. Both the server IPs are also whitelisted in the firewall.

Host Access...

Hi,

One of our client is not able to open webmail and cpanel when CSF firewall is enabled on the sever, i have checked their local ISP's IP 116.203.16.172 is not blocked in the server firewall in temp deny or perm deny, though they are not able to open webmail and cpanel. then i have tried to allowed that IP in server firewall allowed list but the problem is still persist. as i disabled CSF...

Hi

I'm new to this ConfigServer/ModSecurity.

I've got an issue with CSF blocking PDF uploads bigger than 4mb. I've included the logs and removed anything that might identify our site/login details :)

Can anyone advise what to do here?

Thanks

GD

==> /etc/httpd/logs/modsec_audit.log 64216 80
--cba2c550-B--
POST /wp-admin/async-upload.php HTTP/1.1
Host: examplecom
Connection: keep-alive...

Hello i have problem with one user on my dedicated server i accept email every 10 min from server with this message

Time: Thu Dec 13 16:02:27 2012 +0100
Account: guxi
Resource: Virtual Memory Size
Exceeded: 210 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/guxi/public_html/index.php
PID: 724755
Killed: No

What need to do to repair this problem or why i accept this...

Time: Thu Dec 6 10:53:56 2012 +0800
Account: cvemail
Application: pop3d
IP: 124.104.xxx.xx (PH/Philippines/124.104.xx.xx.p)
Logins: 61
Interval: 2245
Allowable: 60 logins per hour in 3600 second interval
Flushed in: 1355 seconds

what the line Interval: 2245 mean?
in 2245 seconds there where 61 logins?
client set pop checking/download every 3-5mins. how can mailer have 61 logins..

Error: ip6tables command failed, you appear to be missing a required ip6tables module, at line 554
ip6tables: No chain/target/match by that name.

Can anybody please help me out?
I get this after I restart CSF from Webmin using medium security configuration.
Thanks in advance,

--Indulgentu

First to thank the CSF developers for giving us this wonderful product.
I have read and googled all the dovecot regex examples, and other users samples, but cannot find one that would work for me.

I have spent hours trying to self-help but unsuccessfully, due to my not being good in perl, or regex.
Am using Centos 6.3 and dovecot v2.0.9.
dovecot log file is in /var/log/dovecot-info.log (thus...