ConfigServer Community Forum

Hi I have following statement in my csf.ignore hoever I still receiving 50-100 emails per day. Where I am doing wrong ?

csf.ignore

###############################################################################
# Copyright 2006-2018, Way to the Web Limited
# URL:
# Email: sales@waytotheweb.com
###############################################################################
# The following IP...

Hi All,

I cannot get the CSF plugin to appear in Interworx. :confused:
CSF is running ok.
Has anybody encountered this problem before?

Thanks in advance. :)
Steve

sudo service csf status
Redirecting to /bin/systemctl status csf.service
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
Active: active...

Hi! hope this message finds you well. For the last 2 weeks, we have been in a problematic situation, we have designed a custom website 2 months ago but from last 2 weeks, we have noticed unauthorized access to our website which is having a big impact on our general and real visitors. for example the slow loading to our page.

Good morning,

I wish to rate limit by outgoing trafic using some IPTables rules like this:
iptables -A OUTPUT -m hashlimit --hashlimit-upto 5000/sec --hashlimit-burst 10000 --hashlimit-mode dstip --hashlimit-name loutput_ip --hashlimit-dstmask 24 -j RETURN

If I just add these rules in IPTables, will it break CSF? Or is there a way to add some custom iptables rules inside CSF?

Hi,

I customized blocklist and add some urls like this:

and:

But after restart the csf, it tries to download this list but final file size on /var/lib/csf/csf.block.NAME will be 0 byte for such url
although for others is ok

Appreciate for any help

Hi,

Im trying to block ssh login alerts for some of the cpanel users.

I have found this >

but it didnt help.

Did anyone manage to pull this trough maybe?

Hi,

I am blocking China via CC deny plus some manual rules as well, but some connections are still getting through.

It appears blocking is active as a csf grep for the IP address shows it as blocked:

csf -g 111.202.101.113
No matches found for 111.202.101.113 in iptables
IPSET: Set:chain_DENY Match:111.202.101.113 Setting: File:/etc/csf/csf.deny
IPSET: Set:cc_cn Match:111.202.101.113...

Hello,

in csf.pignore

instead of this:

exe:/opt/cpanel/ea-php56/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php70/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php71/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php72/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php73/root/usr/bin/lsphp
exe:/opt/cpanel/ea-php74/root/usr/bin/lsphp

can I add this?

exe:/opt/cpanel/ea-php*/root/usr/bin/lsphp

Thanks!

Hello.
I use csf on Debian 10.
/lib/systemd/systemd-timesyncd added to /etc/csf/csf.pignore by default. But I periodically receive mail about Excessive resource usage: systemd-timesync . Please help resolve problem.

Good morning,

I'm at this time writting an update script and wish to integrate CSF update inside this update script. Is there a way to check updates of CSF throught a BASH script?

As of today 31 Jan 2021 nearly all incoming mail is getting rejected because the sending mail servers are in an RBL.
And adding to the disable/enable file /etc/csf/csf.rblconf ( example) disablerbl:dnsbl-3.uceprotect.net isn't working either.
Any suggestions? Is there a RBL that's missconfigured?

Hello,

I am having trouble with this. Please can someone help me with the custom Regex. I tried to whitelist user in pignore, but not working. Basically I dont want these suspicious file notices as they are false positive, so I need a regex or to know how to whitelist this user:...

We have dedicate server and which centos with cpanel and multiple domains hosted on it

Our dedicate ip is 95.216.42.246

We have installed csf firewall on it

We are getting issue since 2 weeks

our ip get blacklisted again again

on CBL and spamhaus and they give reason as given below

Technical details of the matsnu detection

This was detected by a tcp connection from 95.216.42.246 on port...

I apply the ports I want to open and, when restarting CSF, it opens all ports:

TCP_IN =
1:65535

Has anyone here created a PHP script in order to blacklist IP addresses in CSF to the Sucuri blacklist using their API as can be done with Cloudflare?

Is it possible to redirect all blocked ips to a new address liked siteaddress.com/blocked to notify if a user is being blocked.

I get a lot of clients who get blocked due to incorrect email login attempts so would like to show the users they've been blocked instead of the sites showing a 500 error.

Hi guys

I recently started up my first AWS EC2 instance, installed WHM/cPanel and migrated a few sites across. All going great, sites running perfectly and emails going in and out. Installed Configserver and suddenly my mail stopped sending.

Took me 2 days to actually realise it wasn't sending, when I looked in to it I found after several hours that the sending port (465) wasn't being allowed...

Hello ALL,
I use CSF many years and have created many custom rules based on - but very first time I've met a problem what I can't understand - because everything looks correct - but does not work.

1) I have created a custom log file what is producing by BASH script adding lines like
printf BadIP 212.3.197.165\n >> /var/log/blacklist.log
So BLACKLIST.LOG is very simple and looks like
BadIP...

Hello

Is there a way a bulk IP POP3 or imap will IP's will be allowed? I tried IP like this (for example only)
123.45.0.0/24 # csf.allow

then I saw some IP IN csf.deny
123.45.111.222 # lfd: (pop3d) Failed POP3 login from 123.45.111.222

can somebody explain to me why is this happening?
how can I make this work?
May I know if my bulk IP allow is correct declared?

Ran into an odd issue today, CSF was reporting that it couldn't restart. This was the error in the startup logs:

Error: FASTSTART: (csf.allow IPv4) [] . Try restarting csf with FASTSTART disabled, at line 5587

I disabled FASTSTART and that did allow CSF to start, but I have no idea what that means. Any idea?