ConfigServer Community Forum

Good morning,

I have two IPs in my cPanel server, one for web purposes and a secondary IP for outgoing email. To avoid malicious things use the secondary IP, I wish to restrict this secondary IP to only SMTP ports. How can I achieve that with the CSF plugin in my cPanel?

Thanks in advance.

To demonstrate this question,

Let's say I have this 3 IPs:

1.1.1.1, 1.1.1.2 and 1.1.1.3

Now I want to block each of this IP individually using csf. So,

csf -d 1.1.1.1
csf -d 1.1.1.2
csf -d 1.1.1.3

Success, now all of them are blocked in /etc/csf/csf.deny

But then if I want to block 3 of them using CIDR /24 notation. So I did this:

csf -d 1.1.1.0/24

Success, but CSF did not remove the...

Hello,

Centos and Redhat have now moved away from Docker to Podman but i am unable to get CSF to work with podman. Docker used interface docker0 but podman uses a new interface for each container. e.g. veth11088f88

Any suggestions would be welcome.

I have tested the below config but with no luck.

# podman network inspect podman
[
{
cniVersion : 0.4.0 ,
name : podman ,
plugins : [
{...

Hi,

Started noticing suricata alerts based on this ET.
ET DNS Query for .su TLD (Soviet Union) Often Malware Related

network.data.decoded .............ns2.magicgenericmart.su.....

UDP traffic

(..5.?._X..............ns2.magicgenericmart.su..............W. .ns1...admin..w..@...X......u.....

Exploring tcpdump to pcap gives an indication that it still hits the cPanel host even though...

I'm running CentOS 7 with csf v14.08. If i log into webmin and restart CSF it works fine. If i go to restart LFD, it shows a blank response and says done. But on SSH, it says that the LFD restart is pending, and will stay that way for 90s until it times out and the service is killed. Which after that, the webmin interface dies. Here is the service status log before, during and after I try to...

Hi, how are you doing folks. I have an issue with the cPanel email deliverability section.

When I have CSF firewall enabled, I get an error

When I have CSF disabled, that section works perfectly...

I tried clearing the blacklisted IPS but it didnt help.. the only thing that helps is when I turn OFF the firewall.. Is there any port used by cPanel to check the email deliverabilit?

Is...

I've set up CSF within Virtualmin, including the admin module successfully using the documentation instructions to the letter. Virtualmin is running on a fully patched Ubuntu 18.04.5 running on AWS with a firewall rule in AWS set to block SSH port 22 to only accept connections from my IP address, no other rules in AWS firewall. All seems to work well. Virtualmin is set up with one domain running...

I have 2 VPS both managed by WHM-cPanel
One of them is very old and works fine, while new one just installed Centos7 and cPanel.
On both VPSs run same CSF v14.08.
I am facing a strange bug on the new VPS cPanel installation.
The TCP_IN: List is not applied at all
That means, what ever port i add to this list, does not open.
The List that the i get from the View Listening Ports button, has nothing...

Hi. We'd like to only allow FTP access to users who connect via a specific hostname like: portal4321.vps22.hostingserver.com.

And block everything which tries to connect to the FTP in a different manner, like ones who use the server IP or vps22.hostingserver.com directly.

Is this possible in CSF? If yes, great, how do i set it up?

Thanks!

In /var/log/messages I see many of these types of messages, in fact they are the only ones I see:
systemd-logind: Failed to remove runtime directory /run/user/0: Device or resource busy

When I google this message, the first result is:

which one of the posters seems to indicate could be caused by lfd.

Any further insight into this?

Good morning CSF Team!

We are currently evaluating if we can use CloudLinux's Imunify360 solution which has a CSF Integration mode.

In Imunify360, when it detects CSF blocked an IP, it will move that block from CSF to Imunify360, however it relies on the 'BLOCK_REPORT' function of CSF.

During our testing, we've noticed that sometimes CSF will block an IP but Imunify360 didn't see the block....

Hi.

After upgrading machines that uses CSF to cPanel v92, this notification started coming every second:

lfd on host.domain.com: SUDO login alert - Successful login from wp-toolkit to root

Setting Account Tracking to root or even disabling it seems not to work.

The binary has been whitelisted in pignore.

What could be done to stop this notification as it clogs the pipeline and eats up email...

I am looking at how to block IP addresses with CSF, and find that the following command suits my needs:
sudo csf -d 10.0.0.1 do not delete
The response that I get back from CSF seems to indicate that this has been added to iptables:
Adding 10.0.0.1 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 10.0.0.1 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 10.0.0.1...

I updated my cpanel to the latest version and rebooted my server. CSF is up to date but the server can't even be pinged if the firewall is enabled. I ran the check on the iptables and the result says all good and csf should run on the server, but it won't.

Server: CENTOS 7.9 kvm v92.0.3

I have downloaded the last known good config profiles so if need be I can reinstall csf but I would prefer...

Hi I am trying to configure lfd Clustering in csf, however the fields are all gray outed and unable to fill any number.
I use cPanel + immunify360.
Has anyone overcome same issue? :confused:

I have an email address that is repeatedly checking my server, but that account is invalid (non-existant account), and I know that the person doing it is not malicious, but only stubborn for not updating their settings, can i skip that email address from being checked by CSF and dont block their IP?

I use directadmin by the way.

Since the new versions of DirectAdmin we have problems with using the API for CSF. T We didn't change our scripts and it works for years well.

Debugging DirectAdmin I see the next message:

/CMD_PLUGINS_ADMIN/csf/index.raw
Command::doCommand(/CMD_PLUGINS_ADMIN/csf/index.raw)
Sessions::touch:Command::doCommand:/CMD_PLUGINS_ADMIN/csf/index.raw): no sesssion filename is set....

I have this already for a longer time but nobody responded to my other thread (november last year).

It seems csf.pignore is not ignoring certain shoutcast processes. I get this email:
Time: Wed Jan 15 20:32:31 2014 +0100
Account: admin
Resource: Process Time
Exceeded: 10888 > 1800 (seconds)
Executable: /home/admin/domains/mydomain.com/public_html/mediacp/files/shoutcast198/linux/sc_serv
Command...

I have CSF on my server and I use directadmin. when a user has 2 login failure in wordpress website csf add code like this in .htaccess file:

# BEGIN Brute Force Login Protection

order deny,allow
deny from 178.63.180.101

# END Brute Force Login Protection

how can I increase the number of login failure for wordpress users?

In csf.conf I have
LF_IPSET = 1
LF_IPSET_HASHSIZE = 1024
LF_IPSET_MAXELEM = 65536

I have several public blocklists enabled, namely ABDE, BDEALL, SPAMDROP, etc., all of which have been working correctly on csf with ipset for several years. At this point, I don't recall precisely what I had to do to set it up initially. I thought all I did was uncomment a line in /etc/csf/blocklists to enable...