ConfigServer Community Forum

Hi, Is there a way to permanently set up an email to receive warnings about firewall attacks or problems that could endanger the system?
I'm new to ConfigServer firewall & security, so I need to share your experience.
Thanks!

Hey guys,
Is there a way to open DNS queries (port 53) globally, while still using CC_ALLOW_FILTER = US,CA for the rest of the ports?

We have some customers who's mail is getting blocked because servers outside of US/CA can't query the DNS to get the MX entries.

Hello,

LFD goes down after 5 minutes with no warning in the logs.

After a restart this works for another 5 minutes and goes to inactive again.

I'm using this on Cloudlinux 7.7 with Plesk Obsidian.

thor:/var/log# csf -v
csf: v13.07 (generic)

thor:/var/log# systemctl is-active {csf,lfd}
active
inactive

Thank You,

CC_ALLOW_FILTER not working.

# An alternative to CC_ALLOW is to only allow access from the following
# countries but still filter based on the port and packets rules. All other
# connections are dropped

OS: AlmaLinux 8.5 cPanel 102.0.14
also using it with Proxmox Virtual Environment 7.2.
Debian 11.3 Bullseye but using a newer Linux kernel 5.15.30,
QEMU 6.2, LXC 4

Both are using- CSF Version:...

Hello

I need to block all UPD traffic for one host on server. How can I do that ?

Regards

If I were to create an external include file for the csf.deny that listed the IP addresses, would I need to restart the csf service every time the external file was modified?

I would like to use a security detection script that monitors traffic on the website to write an IP to the external csf deny include file. I'd rather not get into execution permissions from a script if possible.

If csf...

I'm trying to figure out a way to add ip addresses to the csf.deny list by means of a php script.
My first approach was to directly write to csf.deny from my php script. But figured that it was better to use usr/sbin/csf -d x.x.x.x because the ip is then directly blocked.

But the above is not working.
Tried with shell_exec and some other commands too.

My php file has ownership root 4711

Any...

I'm running CSF on Centos 7.9 and in all of my domains I can receive emails from gmail in my webmail. Although from other providers like yahoo, outlook or iCloud I can not. Can someone please explain to me how to fix this?

Thanks

Hi all,

lfd on my.server.com: user@domain.com blocked for imapd access

Time: Tue Apr 26 21:25:46 2022 +1000
Account: user@domain.com
Application: imapd
IP: X.X.X.X (AU/Australia/-)
Logins: 2
Interval: 3281
Allowable: 1 logins per hour in 3600 second interval
Flushed in: 319 seconds

I'm seeing the above error get generated when a user logs in multiple times, it seems to be set to only allow...

I've used WHM with CSF/LFD for many years and just recently made the switch to DirectAdmin.

I've got CSF/LFD installed but I'm having difficulty understanding how Brute Force Monitor and LFD work in DA.

In WHM, I would set LFD to block an IP after X unsuccessful logins or a distributed attack for which is receive an email notifying me. Pretty straight forward and worked very well.

In DA, the...

Hi!

I have been using csf+lfd under cpanel for ages without any problem (thanks cirpy for the great SW).

Port 2525 is one of my SMTP ports and csf.conf includes it in the following:
TCP_IN
SMTP_PORTS

My clients started calling me today that they cannot send mail. After checking the problem, I saw (telnet hostname 2525) that the 2525 port was blocked globally from outside. csf -x made...

Long standing server, firewall controlled by csf and working great. I am seeing something peculiar where I can run against my server and port 8020 it shows open but it is not listed in the csf.conf anywhere. lsof -i:8020 shows nothing attached to the port.

Hello

Trying to do a custom regex at /usr/local/csf/bin/regex.custom.pm to ban wp-login.php fail

Using NCSA extended/combined log format = %h %l %u %t %r %>s %b %{Referer}i %{User-agent}i

Example log entry (i only replaced external IP and name of the test site)_

151.11.222.111 - - POST /wp-login.php HTTP/1.1 200 2783 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like...

Hello Team Config-server .

We were and still are fans of the Config-server firewall and use this firewall a lot. But recently we have been experiencing a lot of complaints of IP getting blocked from multiple sources and its frequency has been rising . On investigating the incident it was found that many IP's have been blacklisted on site maintaining the Spamhaus ZEN, RATS NoPtr, UCEPROTECTL3 and...

I could not access my sites so I used a VPN to see what is wrong and I discovered that my own IP was listed as

temporary Blocks: IP:xxxxxxx Port: Dir:in TTL:3600 (lfd - *Port Scan* detected from xxxxxxx. 21 hits in the last 105 seconds)

Before that I tried 4-5 numbers in order access cpanel like domain.name:2083, 2082 etc

I keep receiving the following errors when trying to run CSF on my cPanel OpenVZ server.

# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...FAILED - Required for csf to function
Testing ipt_LOG...FAILED - Required for csf to function
Testing ipt_multiport/xt_multiport...FAILED - Required for csf to function
Testing ipt_REJECT...FAILED - Required for csf to function
Testing...

Hello.

I'm using cPanel & WHM v102.0.8 (STANDARD) and CSF Firewall v14.16.
Today I changed some settings: SMTP_ALLOWUSER (added another user) and also added some ports to TCP_OUT list. Then I restarted the firewall and tested the new rules. Everything worked fine.
Some minutes later, the connections stopped working. Reviewed the configuration again and found that the changes I made were lost....

Hi guys, new here. Got a problem.

After last cpanel update I keep getting these for several of my domains on VPS:

User:username_goes_here PID:29195 PPID:29194 Run Time:7(secs) Memory:150112(kb) RSS:2708(kb) exe:/usr/local/cpanel/3rdparty/webalizer/bin/english cmd:/usr/local/cpanel/3rdparty/webalizer/bin/english -N 10 -D...

Hi

i just got this error on one of my VPS. I have same provider and configuration for years on different VPSs, but I started to get this error.

Error: The VPS iptables rule limit (numiptent) is too low to add 8443 rules (191/2000) - *IPs not added*, at line 5767

A few hours ago, I reinstalled csf, was able to start the firewall but a few minutes ago the problem arises again.

I searched the...

Hello,

It's possible to disable autoblock IP from SSH login errors?

Thanks