ConfigServer Community Forum

Dear all:

I've been using csf at least 5 years, great product.

I have setup a new server and installed it as usual. But as soon I enabled it, all the network goes crazy, the network latency pikes high, making almost unusable :confused: , I thought I was having issues with the ISP, but I then disabled csf and everything back to normal, enabled it, and the network slow down inmediately.

OS:...

Hi,

I just installed CSF, test it and run in normal mode (disable testing).

The problem is if I try to block IP, it continue working for sites under CloudFlare protection. Blocking working for sites without CloudFlare.

How I can setup it to block bad HTTP requests for CF sites? I already use CloudFlare firewall but it take 5 minutes to block any IP and my site work unstable. Thanks

Last night the server using CWP Pro comming with CSF and LFD upgraded to the latest version.

One of our websites/shop running on that server started having issues on the checkout page.

Page load times of normal cached pages got a little extra delay in it.
The checkout page however gotten an extra delay of between 20-60 seconds......

Yes u read this right 20-60 seconds delay on page load

When...

The /usr/local/csf/bin/regex.custom.pm file allows you to set up blocking for failed Wordpress login attempts, for example:

if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:GET) \/wp-login\.php.* /)) {
return ( Failed WordPress GET ,$1, WPLOGINGET , 5 , 80,443,21,25,22,23 , 1 );
}
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /(\S+).*] \w*(?:POST) \/wp-login\.php.* /))...

Hi all! :)

I just wanted to confirm whether wildcards are supported in csf.redirect or not. The documentation seems to suggest that they are, but I get this:

Error: csf: Invalid csf.redirect format , at line 3249

With this:

# /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing...

I added several repeat offender ASN's to CC_DENY. Was really excited about this because it could make my life a lot easier.

However, I was dismayed to see IP's from within those ASN's still hitting Apache. The field is setup like this:

CC_DENY = AS12345, AS23456, AS34567

Is this the proper format? I added 20 ASN's, are there any settings to adjust to allow so many? Perhaps DENY_IP_LIMIT? I'm...

Hi all!
We have these settings in place in CSF configuration file:

LF_DISTSMTP = 5
LF_DISTSMTP_UNIQ = 3
LF_DISTSMTP_PERM = 1
LF_DISTSMTP_ALERT = On
LF_DIST_INTERVAL = 300

And some DISTSMTP triggers have been intercepted because of some customer of ours having used Gmail for sending mail messages via our server's MTA.

So we received some mail warings (subj: distributed SMTP Logins on account...

Hello Team,

I need urgent help for CSF issue. On our production server FTP failed attempts not blocked by csf. I am really frustrated and I am literally checking this issue since 4 days.

For example:

Nov 10 04:27:52 w212 pure-ftpd : (?@152.57.198.52) Authentication failed for user
Nov 10 04:27:52 w212 pure-ftpd : (?@152.57.198.52) Logout.
Nov 10 04:27:58 w212 pure-ftpd : (?@152.57.198.52) New...

Hi,

seems that the bug reported in this previous topic is happening again.

On several of our servers it was not working until we did apply the same fix.

Is there a way to skip the Apache status check in LFD altogether?

I tried setting: PT_APACHESTATUS =
but lfd log keeps showing lfd: STATS: Unable to retrieve Apache Server Status - Unable to download: Cannot parse URL: '?auto'

Hi! I run a server on WHM/CPanel, with several sites on it. Since 5 days ago, someone is attacking this site, sending LOTs of requests to the site. Even if I suspend the site, I still get hundreds of requests per minute, from several IPs around the world.

Is there any way I can stop this kind of attacks using CSF/LFD?

Time: Thu Oct 28 22:21:17 2021 +0000
Uptime: 152156 seconds
Executable:
/usr/local/cpanel/3rdparty/perl/532/bin/perl

Is this a false signal?

Hi I've done some searches and saw a few hits:

I'm fairly new to defending my own server against attacks and thought that it would be helpful to automatically populate csf.deny with data from various blacklists. The above search results show this has been brought up a few times, but it seems the conclusion is there is too much data to effectively do that with csf (limitation of software...

Hi, I have some servers acting as Wireguard endpoints that need to accept traffic from certain ports and forward them to another host on a LAN at the other end of the Wireguard tunnel. Incoming data on the ports are accepted and forwarded to the appropriate host. Outgoing data is masqueraded. The TCPMSS clamp is required to ensure the forwarded packets respect the tunnel MTU. In this case as you...

How are the IP's/ranges loaded into Ipset? Are they simply added to the csf.deny and csf processes them into Ipset or other method? Is there a way to easily bulk add deny IP's?

I have an existing ipset how do I add that to the deny?

All I've seen essentially is make sure it's installed and change the conf to 1.

Thanks!

I don't know if this is a CSF bug or something else so I post it here.

In Centos 7, it was enough to put these lines in the csf.pignore file:
exe:/usr/bin/spamc
exe:/usr/bin/spamd
cmd:spamd child
no problems with perl mails about spamd and spamd child anymore.

Since Centos 8 this is change, no clue as to why.
On is about a suspicious process, the other one about excessive resource usage....

I'm using a file with IP addresses and ranges as a permanent block list. When I search for an abusive IP address (5.188.62.76) in CSF I see that it's blocked by 5.188.62.0/24 resulting in the following output:
Table Chain num pkts bytes target prot opt in out source destination

filter DENYIN 37291 0 0 DROP all -- !lo * 5.188.62.0/24 0.0.0.0/0

filter DENYOUT 37291 0 0 LOGDROPOUT all -- * !lo...

Hey,
I'm unable to start lfd on centOS 8.2 with DirectAdmin v.1.61.3. iptables v1.8.4 (nf_tables). CSF and LFD in newest versions.

Logs:

CSF:
csf : iptables v1.8.4 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain OUTPUT
csf : LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
csf : iptables v1.8.4 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain INPUT...

Good Day

I would like to know if it is possible to exclude a domain name from csf. A client of mine is constantly blocked when using his email on his pc via Outlook. Have one through all settings and setup the account numerous times.

Any suggestions will be helpful.

Thanks in advance.

Can someone help me ? I have the following problem.

I configured CSF on a new server and everything was working perfectly, but after I added a few more ips via Cpanel Interface (range of 16 ips) my server crashed, I couldn't access whm or ssh, luckily I have physical access to the machine and to the monitor and I was able to disable the csf with the command csf -xe after disabling everything...