My /usr/local/cpanel/logs/login_log is full of failed whm login attempts from ip addresses in very strange countries but it looks like the attackers know the defending mechanism against this type of attack because they stop after two failed attempts and a few hours later they try again.
I know this would be a working as designed status as my LF_CPANEL is set to 5 so it only...
Is the intended behavior that csf/lfd will only email upon the first WHM root access from the same IP within so many hours?
I'm trying to figure out why lfd only sent one email WHM/Cpanel root access alert when I logged in and out and then in again a few times to WHM. The cpanel login_log shows all three WHM logins, but lfd only emailed once and only logged the first whm login to...
In csf v14.09 when I have permanent deny rules in /etc/csf/csf.deny like the following:
tcp|in|d=1_65535|s=64.62.128.0/17 # do not delete
tcp|in|d=1_65535|s=64.71.32.0/19 # do not delete
tcp|in|d=1_65535|s=64.71.128.0/18 # do not delete
tcp|in|d=1_65535|s=64.90.32.0/19 # do not delete
tcp|in|d=1_65535|s=64.91.224.0/19 # do not delete
tcp|in|d=1_65535|s=64.225.0.0/17 # do not delete...
Hi
I have a recurring issue on my 2 cpanel/whm controlled vps servers CENTOS 7.9 kvm v94.0.3.
I have installed csf and lfd as per 'the book' BUT, if I leave service csf enabled the load average gradually ramps up to a huge and non-responsive value (I have seen 30 30 30!! - that took some recovery from)
However as soon as I 'systemctl stop csf' the load averages rapidly drop to their usual values...
whoops... silly error. I was placing my ignore commands under IP Blocking rather than process blocking ... completely missed the drop-down list of ignore options.
Hello!
Help me please to get rid of hundreds of firewall messages in bash, like this:
New messages appear every few seconds, so in a minute the screen is full of them. It's hard to type any command in bash.
Is it possible to redirect the output of these messages to some log file instead?
Hi there. Lately I was getting a lot of errors like
*Error* pid mismatch or missing, at line 1160
daemon stopped
This error is caused by trying to block some IP address, which triggered csf of lfd rule few times in a row. After that csf is disabled, but it was reenabled by cron job, which monitors services state
This is from lfd.pl (including line 1160, where an error is triggered)
while (1)...
I get a huge amount of e-mail notifications such as the ones below on a daily basis:
Time: Sun Nov 15 12:45:01 2020 +0000
IP: 191.239.XXX.XX (BR/Brazil/-)
Failures: 3 (sshd)
Interval: 3600 seconds
Blocked: Permanent Block
Log entries:
Nov 15 12:30:49 server sshd : Invalid user git from 191.239.XXX.XX port 45826
Nov 15 12:30:51 server sshd : Failed password for invalid user git from...
I try to set restriction to user and not general SMTP restriction.
As I understand SMTP_BLOCK should be ON and additional per user
2. SMTP_ALLOWUSER XXXuser
Hi
I am working IPTV and I need the firewall for my main server
but I have some questions
1. CSF can block DDOS attacks?
2. Do I need a dedicated server for firewall? I don't want to run it on main server
3. Has CSF any monitoring panel to delete ip or add ip and check status during attacks?
Hello
I use Juggernaut Danami's overlay for CSF,
I'm using it on Debian 10 and Plesk, everything seems to be working fine
except for one thing: Custom Login Failure Triggers, but only for MySQL
others work very well
What I know and it works is:
Login error logs are saved at /var/log/mysql/error.log
2021-02-26 10:33:06 49476 Access denied for user 'dsd' @ 'localhost' (using password: YES)
regex...
I've recently installed CSF on an Ubuntu server 20.04, where I also run a docker daemon. I've found that the standard docker-options in the configuration don't give my containers network access with adequate port forwarding. I've tried some workarounds, such as putting service docker restart inside csfpost.sh. That's perhaps not that elegant but it works after a fresh enable or...
I manage a server which gets a lot of malicious hits from outside US. I use CC_DENY which works well. However, as mail is being sent out and oftentimes some foreign recipients do a dns check for dns on the server, it is also blocking that which degrades service.
What must I do to continue to use my CC_DENY list whilst also allowing foreign dns...