ConfigServer Community Forum

I have the LF_PERMBLOCK_ALERT set to OFF and have saved and reloaded CSF. Still, even after turning it off I am getting dozens of PERMBLOCK alerts in my inbox every day like the one pasted below. Am I missing some other setting that I have to change to stop CSF from sending me all of these?

Time: Thu Apr 1 02:45:29 2021 -0400
IP: 186.206.129.189 (BR/Brazil/bace81bd.virtua.com.br)
Failures: 5...

Hi there

The default refresh rate appears to be 5 seconds.

Is there a config setting somewhere to change this to e.g. 15 seconds?

When i enable IPSET give me this error.

csf: IPSET creating set chain_DENY
IPSET:
csf: IPSET creating set chain_6_DENY
IPSET:
csf: FASTSTART loading csf.deny (IPv4)
Error: FASTSTART: (csf.deny IPv4) [] . Try restarting csf with FASTSTART disabled, at line 5781

What modules i need? i run CSF test and not give me any error.

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing...

I have PT_USERMEM set to zero but I still get the emails. How is this possible? So much so that the email address that it sends too is now blocked by outlook. So now I just get the email failed messages.

Yes I know I should either stop my scripts from doing it or buy another 100 CPUs but I just want to stop the crazy amount of emails I get.

no list of option. It only shows:

# csf -h
csf: v14.10 (cPanel)

That's normal?.

Btw, Is there some way to reinstall withtout loosing the configuration?

Hi all,

I am getting a lot of e-mails about suspicions process running. I did find many threads about it and all pretty much talk about how to silience those.
I want to fix (if possible) the underlying problem.

Those warnings are generally only specify user and PHP executable.

Network connectiosn I am getting are:
Network connections by the process (if any):

tcp: 127.0.0.1:41462 ->...

Remote Machine OS: CentOS-7-x64

Firewall GUI: CSF+LFD

Issue: Granting access to specific Ports by selective IP's and CIDR range to Remote Machine CentOS-7-x64 does not works, as no access to that specific IP's granted?

Hiya,

I'm trying to Grant Access to specific ports on my Remote Server CentOS-7-x64 by specific IP and CIDR range but it's not functioning. I added lines to:...

Hi,

My client is getting ban from CSF every time when he changes the ip. His ip is dynamic, I'm trying to whitelist him but once the ip is changing he is getting ban.

He is using Jazler to upload from radio the song titles in website using ftp connection.

How we can fix this issue to allow his ftp connection by hostname or by domain?

Thank you

Is there a way to blacklist an IP based on the repeated failures like the following logs?

I get these from journalctl not sure if they are also logged somewhere else.

Jun 01 23:13:07 myhost.goo.edu sshd : Unable to negotiate with 139.59.240.248 port 55732: no matching key exchange method found. Their offer:...

Is it possible to do advance filtering using the command line?

It seems like the only possible way is to write the directly to the rule file?

Hello,

I'm using csf and have the follow config:
LF_SSHD = 15
LF_SSHD_PERM = 1

Even so ssh logins are being blocked on single login attempt

IP: X.X.X.X (GB/United Kingdom/-)
Failures: 1 (sshd)
Interval: 600 seconds
Blocked: Permanent Block

Log entries:
Sep 20 08:16:34 web7 sshd : Invalid user ubuntu from X.X.X.X port 45160

Cant understand why this is happening. Checking the logs i only...

Hello,

I'm using LF_DISTSMTP to help to detect compromised email accounts.

It works fine but I have a few email accounts for sending reports that have distributed logins.

Is it possible to LF_DISTSMTP ignore this specifics accounts? How can I do that?

Thank you

Hello,

This is only few lines. We have a maybe tousend of line. And CSF didn't stop this. Which config missing our CSF ?

Regards,

139.880043136 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.882366931 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.884717429 43.239.141.121 -> xxx.xxx.xxx.xxx NTP 482 NTP Version 2, private
139.887074679 43.239.141.121...

Here are the ^PT_ related settings:
# grep ^PT_ /etc/csf/csf.conf
PT_LIMIT = 60
PT_INTERVAL = 60
PT_SKIP_HTTP = 0
PT_ALL_USERS = 1
PT_DELETED = 1
PT_DELETED_ACTION =
PT_USERPROC = 10
PT_USERMEM = 1024
PT_USERRSS = 256
PT_USERTIME = 1800
PT_USERKILL = 1
PT_USERKILL_ALERT = 1
PT_USER_ACTION =
PT_LOAD = 30
PT_LOAD_AVG = 5
PT_LOAD_LEVEL = 6
PT_LOAD_SKIP = 3600
PT_APACHESTATUS =...

Hi ,

I just installed CSF on an Asterisk box.
Is there any setup I could use in order to block IP addresses that failed to login on SIP / port 5060 with the help of CSF ?

Thanks !

Hi guys,
If I have a user getting blocked with an ip address say 203.57.138.20 (Not real IP address)
I now want to find in the logs why he was blocked. This IP address is currently unblocked so looking at csf.deny does not help

Kind Regards

Steve

Hi guys,

I'm running Postfix on a generic Centos 8 server and I'm trying to lock it down with CSF. I've done a fresh install, reviewed the conf, set testing = 0 and restarted the service.

The postfix maillog (/var/log/maillog) is showing a lot of SASL authentication failures like this:

May 5 09:21:38 myserver postfix/smtps/smtpd : connect from unknown
May 5 09:21:39 myserver...

Hello,

I would like to know if it is possible to use different users without having whm installed on my server, on this server I have a different application but I want to create users that can only unblock IP's.

Thanks.

Hi and thanks in advance!

I have installed in my WHM the plugin ConfigServer Security & Firewall

Its blocking NODE.js connections to externals APIs calls and I dont know how to avoid it.

(If I disabled the firewall all works)

Could you gime a clue please?

Thank you !

hello,
i have a server in cloud and i want access only from my ip

so i add in csf.allow my ip
and in csf.conf i set
TCP_IN =
UDP_IN =

same for ipv6

but when i reboot server, is offline...
i can't access in ssh but if i access with console (on provider panel) and try to ping 8.8.8.8
network is unreachable

of course server have a public ip, but is not static settings but keep ip from DHCP...