Ahhhh. It would seem I was misunderstanding CC_ALLOW_FILTER, thinking it was essentially blocking all, but allowing in my case US. It seems that is not the case.
Let me please ask this follow-up. Rather than me blocking quite a few CC codes specifically, since I understand that would create immense IP tables, is there any way to say block all except (in my case US). Some folks may question this...
Hi there,
I have been struggling with finding out a reason, as to why on certain terminals on my office LAN which are using a Public Static IP address - I am unable to receive email from my Email server hosted on OS
CentOS v7.9.2009 STANDARD vmware
cPanel Version 106.0.9
I even tried to add it to the csf.allow file, so as to skip its check and avoid blocking it, BUT I haven't succeeded.
Now my server is configured to permanently ban that IP after 4 temporary bans. But I don't know which option I can configure to automatically remove/unban/release a permanent IP in csf.deny after seconds/minutes/hours/...
Hello, I have been using Configserver on WHM/Cpanel on CentOS for years and recently moved to a new server with WHM/Cpanel on CentOS.
The file csf.conf keeps getting overwritten with what appears to be a default configuration. I make changes and save via the UI in WHM/CPanel or I make changes via SSH and Emacs. Either way, after some time the file is replaced with a 'default' csf.conf that...
I’ve a running CSF installation with messenger service on CloudLinux 8, I’ve migrated it from iptables to ipset to use blocklists, works wonderfully. But now I have a problem which I cannot solve: if I use the variable CC_MESSENGER_ALLOW and enter any country code or more then I can no longer reach the messenger (v3) page from a blocked IP. I have made sure that CSF recognizes my country...
After googling for some time and not finding anything on this problem I'm asking here for some help.
I've set up remote logging for rsyslog on Debian 11 and when CSF / LFD is enabled, I get the following error for rsyslog:
(changed URL inside of the error message because of limitations)
Oct 30 16:54:08 SERVER85 rsyslogd : action 'action-0-builtin:omfwd' suspended (module...
I cannot reproduce this on any other servers, but am not sure where to go with this. LFD is detecting brute forces fine and logs that it is blocking the IP:
Oct 28 17:06:44 dalgarno lfd : (sshd) Failed SSH login from 112.95.75.195 (CN/China/-): 5 in the last 300 secs - *Blocked in csf*
However, the IP does not end up in IPTABLES nor does an entry get written to /etc/csf/csf.deny
Hello all
I need support. I am trying to protect the login to my application using regex.custom.pm
I added to /etc/csf/csf.conf > CUSTOM1_LOG = /var/log/apache2/my_log
log code
my.domain.com:443 1.1.141.25 - - POST /api/v1/hybrid/session/start HTTP/1.1 200 257 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
I need some help with setting up csf and cloudflare.
In the csf.conf I set up the following lines:
CF_ENABLE = 1
CF_CPANEL = 1 -> because I use cpanel with many users.
The Config said this:
# If the CloudFlare user plugin has been installed, enable this setting to use
# per cPanel account settings rather than listing each account in
# /etc/csf/csf.cloudflare
When CF_ENABLED is set to 1, is there a log of CSF's interactions with CloudFlare?
I have mod_remote IP setup and working, mod_security is setup and working, and in the LFD log I can trigger the mod_security rules and see a block come up (I am testing via TOR):
Hi, I reported this on the cpanel forum as it was tied in with an exim issue I was having but they advised that I bring this over to your own forum for you guys to check out.
The emails I have been receiving from CSF (root access alert, high load alert etc.) are all going into spam and when I look into the header of the message, one of the high scoring spam markers is related to the content...
I wanted to take the time to come here to thank the developers of csf/lfd. I have been using it on many dedicated CentOS servers for years now and I never had a single problem. It's easy and powerful and I feel that my servers are bulletproof!
I want to gradually switch to Debian and I was very happy to see that you also support this distribution.
Thank you very much for your great work!
It seems that this stopped working between October and November with the most recent IMAP block being on 02 Dec 2021. I'm not sure if it's related to the CSF 14.15 update that was released on 04 Dec. Looks like it updated on 05 December. This is affecting all our Interworx servers.
These are my IMAP blocks.
LF_IMAPD = 10
LF_IMAPD_PERM = 1
IMAPD_LOG = /var/log/dovecot/dovecot.log
and INTERWORX...
For the last few weeks, every night around 10 PM I receive emails from my LFD:
Subject: lfd on XXX.XXX.COM: SYSLOG Check Failed
Time: Wed May 26 21:38:05 2021 -0400
Error: Failed to detect code in SYSLOG_LOG
SYSLOG may not be running correctly on XXX.XXX.XXX
Any ideas where I should start to look? I opened a ticket with cPANEL and they say that they use rsyslogd instead and that it...
Looks like one of my servers is not upgrading... and probably for a while.
Upgrading csf from v14.08 to 14.17...
Retrieving new csf package...
Unpacking new csf package...
sh: line 0: cd: /usr/src: No such file or directory
tar (child): csf.tgz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable:...
I can't explain why this is happening, but in recent weeks CSF has begun blocking outbound traffic to specific update servers for cPanel services. At first I thought it was all related to a forced server host name change by GoDaddy, but on further review it seems to be something else. The timing of it all just made it all suspect though.