While CSF is active, it also blocks the IP of normal users. How can I find a solution to this? The IP of our customers using Outlook is blocked. Since the IP is not fixed, it is not a solution to remove the IP.
Hello
I am trying to filter incoming messages via CSF
When I apply this:
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\ : warning:.*\ : SASL *? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","1");
}
This does not break, I do not see the IP blocked in the management.
Any idea?
Mz
A new server with CloudLinux installed. Installed CSF, but all messages are logged to the console, making the console unusable.
I have no idea what setting needs to be done for this to stop. Any help is appreciated, as I am sure I am not the only one. This was presented before here: (but no fix was provided)
Instructions, I think, for how to block Tor in /etc/csf/csf.blocklists by uncommenting this line (remove the #):
#TOR|86400|0|
and in /etc/csf/csf.conf make sure URLGET is set to use LWP then restart the firewall
We leave the ip=1.2.3.4 and don't change it to our server ip address?
I'm using Logwatch and have noticed a bunch of logs coming in for ICMP.
For example:
iptables firewall
Listed by source hosts:
Logged 1760 packets on interface eth0
From 3.87.248.151 - 1 packet to icmp(8)
From 3.231.165.178 - 2 packets to icmp(8)
From 3.236.183.212 - 2 packets to icmp(8)
From 3.236.184.164 - 3 packets to icmp(8)
From 3.237.184.3 - 1 packet to icmp(8)
From 3.238.39.131 - 1...
I run a MyBB forum, and MyBB utilizes PHP mail() for account activation e-mail addresses. In my csf.deny, I have 0.0.0.0/0 denied. This is to prevent all incoming requests directly to the server. The website is only accessible by going to the domain. The issue with this is that it makes PHP's mail() function a little finicky. Is there a way with CSF to block all incoming requests, but allow all...
I am using the block_all_temp profile to temporarily block the IPs attempting a brute force attack. Using this profile, it only allows me to block the IPs for 1 hour; after this the IPs get unblocked. I want to customize this time to 5 min, for example, so that any IP trying a brute force attack will be blocked for 5 minutes only. Any help would be appreciated.
With the High Load template for instance, there are set variables which don't seem to be documented.
This includes , , , , and however there doesn't seem to be a way to tweak them. For instance, we'd like to amend how ps is invoked (and likely include a 2nd copy of it, sorted differently), include iostat/sar reports and others.
How does one go about amending what the above variables...
I'm struggling to find any info on how to resolve it, other than removing RU from the CC_DENY list. I understand what the issue is, just don't know how to either remove/fix that entry in CC_RU.
Hi all,
I need help with Check Server Security configuration on cPanel VPS.
My VPS hosts multiple WordPress and various different Laravel CMS websites, along with some static content.
I need to know is it safe to do as Security says (disable) and will it impact my websites:
PHP Check
1. Check php for enable_dl or disabled dl()
2. Check php for disable_functions
I use CentOS 7 and DirectAdmin and have an issue with unblocking an IP address. reCAPTCHA validation works but the IP address is still blocked.
In /home/csf/public_html/index.php, file_put_contents doesn't work and unblock.txt and lfd_messenger.log are not created.
PHP Warning: file_put_contents(/home/csf/unblock.txt): failed to open stream: Permission denied in /home/csf/public_html/index.php on line 252
PHP message:...
Hello, I want to know: is this rule that I have written correct?
I mean, can we use source port and destination port after each other with the same IP?
tcp|in|s=0_65535|s=x.x.x.x
tcp|in|d=(some specific ports)|s=x.x.x.x
Hi all,
I am rebuilding my infrastructure, and for those services facing the public I am opting to use CSF instead of vanilla iptables.
I am having a bit of an issue: when CSF is active, Bird2 fails to work properly. I was wondering if anyone else has had this issue before and solved it.
The error I get is:
bird : ospf1: Socket error on enp6s0: Operation not permitted
I created an extremely simple WordPress plugin that creates a log of failed login attempts. This way I can target only a brute force attack and not a webmaster logging into several sites in an hour for normal work (this is a server with more than a thousand WordPress sites).
I can make the log any way I want, but so far I am appending a timestamp and the ip of the failed...
Just in the last 5 days or so I started to see our server IP addresses showing as listed in RBLs (notably spamhaus.org lists).
This was weird because it was also showing IPs that we are not actually using (sitting idle) as listed.
So I manually tested all the IPs at spamhaus.org and they are all clean.
I also started to get customers telling me that email to them has been rejected and returned...
Please help me understand.
For some reason CSF is blocking SNMP communication between my Monitoring system and the router. I have both IP addresses listed in csf.allow with nothing else on the line. Should that not allow full communication between the two? All other services are working fine.
Thanks.