ConfigServer Community Forum

Auto update of csf today resulted in corrupted /usr/sbin/lfd file. There was an EOF at line 10229 after $ch .
I had to run curl -sL | perl to fix it.

Upgrading csf from v14.03 to 14.04...
Retrieving new csf package...
...5%
...10%
...15%
...20%
...25%
...30%
...35%
...40%
...45%
...50%
...55%
...60%
...65%
...70%
...75%
...80%
...85%
...90%
...95%

Unpacking new csf package...

gzip: stdin:...

Hello,

ENV: Centos 8, Csf 14.04, iptables enable.

I have tried to block a spammer, who installed a cron script to populate every ten and every eleven minutes in logfiles of my server with following:

FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffriends.png
FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffind.png

Instead of using modsecurity, I...

Hello,

In following message there is a bug:

*Error* IPSET:
CC: Repopulating ipset cc_6_ua with IP addresses from
IPSET: loading set new_6_ua with 0 entries
IPSET: switching set new_6_ua to cc_6_ua

Hi,

how can I stop firewall alert notifications on the system?

I am using a CSF firewall with Centos 7, due to security reasons I blocked SSH port access since I had KVM access.

now the issue is the KVM viewer becomes so messed up ... the alerts keep popping up even if I open nano or vi editors.

The ICMP settings are disabled via cPanel/WHM as well.

Image Reference

SMTP Server blocked by csf and throwing error

LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1jsyQF-0002B0-JY
delivering 1jsyQF-0002B0-JY
LOG: MAIN
Sender identification U=keralad1 D=keraladesk.com S=info@dummydomain.com
Connecting to how.lakemneadows.com :25 ... failed: Connection refused
LOG: MAIN
H=how.lakemneadows.com Connection refused
LOG: MAIN
==...

Does anyone know how I can add the users IP address to sualert.txt?
I've tried the following but it does not work

IP:

Since a few weeks the CSF Real time blocklists checker in WHM stopped working. The titles of the hourly checks that email me, they report this:

`RBL Check on server04.ourcompanydomain.com: failures`

Every single list is failing, and I have no idea where to start checking why.

The only clue I have and the only text that seems out of order is in the middle of the email report Senderbase:...

Hi,

I have just install CSF on Ubuntu, on a Digital Ocean droplet.
I don't have an email server installed, so I would like to send CSF/LFD emails via a 3rd party SMTP server.

How would I do this, without installing a mail server?
I have looked at the csf.conf and couldn't see away.

Thanks,
Gaz

Hi. I've been using CSF for a while on a PVE (LXC) server.
The host has an interface vmbr0 for public address and a vmbr10 that we use as an internal network (10.0.X.X)
Most LXC containers only have one of the internal network address as we use a Nginx proxy in one of them to receive all the external traffic. This to the local containers is an eth0 address. Additional IPs are routed through the...

Hello, I just installed csf and the first time using it. when I check csf status I find that's running but got only this warning:
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

How to resolve it, thanks

Hello,

Somebody use fredomedosvsd@gmail.com mail address and all other types like

fr.e.dom.ed.os.v.sd@gmail.com
fr.e.dom.e.do.sv.sd.@gmail.com
f.re.domedosvs.d@gmail.com
fr.edome.dos.v.s.d@gmail.com
f.r.e.d.o.m.edosv.s.d.@gmail.com

......

Tousend of types :( I'm already use LFD Blocklist database but not help :( How can I stop that spammer ? Because they are using some script and attack my...

Hello,

I keep seeing a ton of these errors - Failed IMAP login from

They are from me and I am getting mail however I do notice a lot of times it failing.

So I am looking for a solution to either exempt myself (not the best practice) or resolve why so many of my attempts are failing.

Im seeing those messages in the lfd log.

If you need me to provide any additional information feel free to...

I get a lfd on host.******: Suspicious File Alert.

Time: Mon Jun 29 11:45:17 2020 -0400
File: /tmp/libjansi-64-git-Spigot-db6de12-18fbb24-5095707643582958365.so
Reason: Linux Binary
Owner: kar***:kar*** (1050:1050)
Action: No action taken

The number after /tmp/libjansi-64-git-Spigot-db6de12- always changes.
How can I ask lfd to ignore those files?
Thank you.

Hi guys,
I'm new to csf, so, please dont judge me hard if already have answers.
Could you please help me understand how to build me owr rules.
As many users we run WP sites and most attacks are over login.php and xmlrpc.php.
So, how to tell:
If xxx.xxx.xxx.xxx POST (GET) login.php (and/OR xmlrpc.php) then check this IP in csf blacklists and if is there ban it perm (temp)

This example will help...

I have OSM installed on a few servers and I'm running into some weird errors I can resolve. The original error was:
*ERROR* Net::Pcap failed to install, see /etc/osm/osmpcap.log. Packet inspection feature has been disabled in osm.
To which i installed pcap on the servers that were affected via
sudo yum install perl-Net-Pcap
yum install libpcap libpcap-devel -y

I later saw this post ( ) where...

Is it possible to block connections from China (CN) without blocking e-mail from China?

We have one account that must receive e-mail from China. If I use CC_Deny, they e-mail is denied.

I would like to block login attempts, but not block e-mail from CN.

I'm not sure if whitelisting would work, but even if it did, I wouldn't know what domains to whitelist because they are working with...

Hi all,
we installed ConfigServer Security & Firewall yesterday and last night I noticed that I cannot update (nor register) domains with registrar through WHMCS. Its a custom built module, worked fine before Csf install and registrar confirmed there is no problem at their end.
Does anyone know what setting might be wrong in CSF that could possibly block registrar communication through WHMCS?...

When setting LF_MODSEC to 3 (for example), does that mean the offending IP is blocked if the *same* modsec rule is matched 3 times, or does it mean the IP is blocked on the 3rd match of *any* modsec rule?

Thanks for any clarification you can provide!

Hello dudes , after updating to v14.03 , I am facing some issues with CSF .
My CSF Automatically Stop and then after some seconds it's Automatically enabled , this happens again and again.
and in logs I see these logs -

Jun 18 20:47:35 server lfd : IPv6 Enabled...
Jun 18 20:47:35 server lfd : LOAD Tracking...
Jun 18 20:47:35 server lfd : Country Code Lookups...
Jun 18 20:47:35 server lfd :...