lfd warns me daily about a process i simply cannot teach csf to ignore:
Time: Wed Nov 1 20:08:44 2023 +0100
Account: www-data
Resource: Process Time
Exceeded: 146435 > 1800 (seconds)
Executable: /tmp/appimage_extracted_a3ed3648c2d4a42fcd239937c53130a2/usr/bin/coolwsd
Command Line: coolwsd --config-file=/tmp/appimage_extracted_a3ed3648c2d4a42fcd239937c53130a2/etc/coolwsd/coolwsd.xml...
I'm currently trying to block all incoming traffic to my server that does NOT come from my CDN IP addresses, and I'm hoping to do that with some kind of Allowlist, while denying all others.
My only concern is that I use Atomic Secured Linux (Atomic Protector) for my mod_security rules, and I don't want to create any kind of conflicts that might exist when running two different...
I have validate an old server and a new server where will be installed update CSF.
It seems CSF regex.custom.pm almost completely blank.
An example:
# SECTION:OS Specific Settings
# Note: File globs are only evaluated when lfd is started
Is it automatic added settings when it is installed and restarted system like Linux and CloudLinux 8?
wget
tar -xzf csf.tgz
./install.cpanel.sh
I see it should be cd csf if you like t install.
/etc/init.d/csf restart is not executed. Which command should be set inside root access for cPanel?
The last steps is not working. How to manage this?
I’m looking for some advice on how to achieve a specific configuration using CSF.
I have a server that is currently getting hammered by junk web traffic from a whole load of IP addresses all beginning 18.xxx.0.0/16 (where xxx can be any of about 20 values).
I had initially just blocked those ranges entirely in CSF but with it being such a wide block that’s not really feasible - we have...
Since our servers upgraded to Alma Linux 8.9, each time the servers reboot, CSF does not operate as normal until after its restarted via WHM.
On one server that uses PHPMailer and Office 365 SMTP, any emails that are sent by the cPanel account will fail due to network is unreachable and in the /var/log/messages it shows outgoing connection attempts to port 587 being blocked. This is happening...
I have MESSENGER v1 working on the server with Directadmin but doesn't work with SSL. So, I configured v3. The website to offer the unblock it is show, the captcha too, but when I click to unblock, the IP isn't removed on the deny list, so the IP isn't blocked. What it could be?
We are using csf on many of our servers, however, on one of our servers the Messenger service doesn't seem to work.
The server has cPanel and LiteSpeed. It also has BitNinja installed, but the problem happens even if we have the BitNinja service disabled.
Here is what we tried:
Switching to Messenger v1, v2 & v3
Uninstalled and reinstalled csf
Copied the csf configuration file from...
I apologize, but could you still explain how it turns out that in your database - /var/lib/csf/Geo/dbip-country-lite.csv it is written like this: 130.0.232.0,130.0.239.255,UA And in the logs it came: This is what the csf shows... Table Chain num pkts bytes target prot opt in out source destination filter ALLOWIN 3 590 86236 ACCEPT tcp -- !lo * 130.0.234.147 0.0.0.0/0 tcp dpt:2829 IPSET:...
I use TMUX a lot, but lately it doesn't keep the sessions when you restart the server or if you are inactive for a long time.
I suspect it may have something to do with CSF.
Very annoying when you have configured many things.
Have to start from scratch every time.
I would like to ask if there is a feature in csf/lfd where if a user keeps running multiple queries from same IP to be banned and if I can adjust that?
I've got a website of a non profit organization with a large db and getting attacks from multiple IPs from a specific country.
I blocked the country but is a matter of time to use another country to keep going etc so this is not a...
Time: Wed May 15 19:08:50 2024 -0400
File: /tmp/alfacgiapi/getheader.alfa
Reason: Script, starts with #!
Owner: fromhigher:fromhigher (1013:1014)
Action: No action taken
I went in and found that the site was hacked, deleted everything, restored and patched from a clean backup. Also emptied the trash on that account. However, I keep getting this same email...
When my csf.allow file is empty, I can't send (SMTP) or read (POP) emails on my server, it ends up with a timeout. Adding my IP in csf.allow, everything is ok.
I would like to be able to access my emails from anywhere, how should I do ? I have looked for a parameter in csf.conf for that, but have not found so far :confused: . Any help appreciated.
I'm having difficulty with getting SMTP auth failures detected by LFD. I believe this is partially due to Postfix on Ubuntu not reporting the rhost in the /var/log/auth.log file. Here's an example:
Hello.
When I activate cfs and Fail2Ban, Fail2Ban does not send me detailed information like the one I attached in the email. When I disable cfs it sends.
VPS Server virtualmin for ubuntu 22.04
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum