ConfigServer Community Forum

This started happening and I am not sure what I am missing at the moment. csf.deny is now cleared and I have created an /etc/csf/csf.cloudfront.allow with their full range of IPs and included reference to it in the csf.allow and restarted but I am still seeing timeouts. As soon as I turn off csf, it loads right up. I have also made sure flooding options are disabled but still encountering this...

Hello , I'm getting this message in my email from the cron daemon: Oops: Unable to download: Can't connect to download2.configserver.com:443 (Connection timed out) . now 433 is open and I don't see the cron job in the cron job area of cPanel. I've whitelisted the config server IPs too in CSF. is there a cron job script i can add to the cron job lists in cPanel? Thank you for the help! :)

I have a member on the server that uses google ads. Google is reporting http 500 error for the url's, even though they work fine. They are saying their IP(s) are being blocked. I downloaded a list of all of their IP's and CIDR's (about 300) and added them to the whitelist by editing the allow list. But the problem is still there. I found that if an IP is in the deny list and I add it to the allow...

Hi,
yesterday I updated cpanel and centos on a couple of servers and, after that update, CSF CC_IGNORE is not working.
I had CC_IGNORE for my country working for a long time until yesterday and, after that update, all servers have this issue now.

Does anyone has the same problem?

I tried to restart but no luck.

Best regards

Hello,

I'm reporting a persistent issue I've been experiencing with ZeroTier connectivity when the CSF is active on my Linux system. Despite my attempts to configure the firewall to allow ZeroTier traffic, ZeroTier does not function as long as CSF is active.

Here's what I've done so far:

I have allowed all UDP traffic in both UDP_IN and UDP_OUT sections of my CSF configuration.
I have opened...

Hi Guys
I've been trying for a month to stop LFD warnings from legitimate PHP scripts that are run from cron, but none of the suggestions I've found are working.

I've tried ...

In /etc/csf/csf.signore
/path/to/script.php

In /etc/csf/csf.pignore
cmd:php /path/to/script.php
exe:/path/to/script.php
exe:/opt/cpanel/ea-php72/root/usr/bin/php-cgi /path/to/script.php
exe:/bin/bash -c /usr/bin/php...

Dear Sir,

I have installed CSF firewall on Centos Stream 9 on my VPS server successfully without errors.

However, after I set some IP ranges in this file:

$ vi /etc/csf/csf.allow

like:

###############################################################################
# Copyright 2006-2018, Way to the Web Limited
# URL:
# Email: sales@waytotheweb.com...

I'm clueless on what this means:
*ERROR* IPSET:
and what is to be done about it.

Alma Linux
csf v14.20

Appreciate some guidance.

thank you all!

Hello!

I have a problem if csf enable.
for example:

CSF ENABLE

dig @8.8.8.8 ns1.besthost.az

; > DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu > @8.8.8.8 ns1.besthost.az
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER > DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu > @8.8.8.8 ns1.besthost.az
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER > DiG...

Hello, I am a new CSF user. I am using Almalinux 8.9 and cpanel. I have successfully installed CSF. But I couldn't achieve my main goal.

I want to block all requests coming directly to my server's ip address. But I want to allow 3-4 ip addresses.
I allowed my own ip addresses in the CSF interface. And I entered 0.0.0.0.0/0 in the Deny field to block all other traffic. but this time the traffic...

Seems this month Maxmind is enforcing it's API rate limits

Please note: Beginning in March 2024, MaxMind will begin enforcing its policies around API requests and endpoints. We will require use of the HTTPS protocol for all database download requests, and will require requests to use the proper hostname as listed below, and on our Developer Portal.

For my API downloads I now get too many...

Hello!
Recently i've been facing a problem in multiple server, when you add an ip to csf.allow on the UI it'll be added to the chain normally until you restart csf and lfd.
After the restart most of the ips on csf.allow won't be on the allow chain, if I remove them and add again it'll be added until the next restart;
The search option identify the ip on csf.allow but won't find it on the allow...

Hi,
I have setup CSF on our server but we're facing some troubles with too many IPs being blacklisted.
Many IPs that our clients access their e-mail from (dynamic ip ranges) are getting listed in Spamhaus, and thus CSF is blocking their connection to the server. I've checked csf.blocklists file but every RBL entry there is commented, so it shouldn't be affecting this, right? Anyway, i tried...

Good morning,

We currently have a custom blocklist and we managed to implement a webui for asking an unblock. But as the blocklist can only be reloaded each 3600s, the user have to wait a maximum time of 3600s to get unblocked.

Is there a way to trigger a blocklist reload within CSF/LFD from SSH? In this way we'll be able to unblock instantly an user.

Hello,

I run CSF on a cPanel server. CSF has MaxMind GeoLite2 Country Database MM_LICENSE_KEY and CC_SRC = 1 set and working ok. Example:

csf -i 66.165.246.164
66.165.246.164 (US/United States/waytotheweb.com)

I use CC_ALLOW option to add a couple of countries I want to whitelist but the problem is I'm still getting those countries IPs blocked (in temporary block list).

Now I created a...

Hello,

After upgrading to Rocky Linux and latest cPanel install, they wont allow Host Access Control anymore. So, I am trying to block all SSH connection except allow IP in the hosts.allow:

=============================
ALL : 1.1.1.1 : allow
sshd : 1.2.3.4 : allow
sshd : ALL : deny
=============================

What rule in the CSF can be defined to achieve the above SSH to block all incoming...

I am a victim of (D)DoS attacks for at least 2 years now from a very persistent attacker. The attacks are coming from spoofed IPs and the attacks are so low that it isn't distinguishable from normal traffic according to my provider (Hetzner).
CSF is able to detect them and block it according to the logs from what I can see in the /var/log/syslog file as the attacking IPs are there. Yet CSF is not...

On March 22, I discovered that SOME emails to users on my server were being returned to senders. Some were definitely coming through, but some weren't. I ended up having to disable CSF, at which time hundreds of emails started to come in.

This problem didn't happen on March 21, so it was a new issue after I hadn't changed anything. So it had to be something automated.

These IPs were in my Temp...

Hi everyone,

I'm having problems with PID.
Every hour I receive emails telling me:

Excessive resource usage
Resource: Process Time
Exceeded: 81271 > 5000 (seconds)
Executable: /usr/lib/systemd/systemd
Command Line: (sd-pam)
PID: 908897 (Parent PID:908891)
Killed: No

I get emails like this about lots of other PIDs. I've already tried to kill them or increase the duration of the PIDs in my...

Hello everyone, I hope you are well!
I've been having problems with CSF for a few months, even though it's the only firewall working on a cPanel server, when using the rules below:

tcp,udp|in,out|d=2087|d=0.0.0.0/0
tcp,udp|in,out|d=2087|d=::/0
tcp,udp|in,out|d=2086|d=0.0.0.0/0
tcp,udp|in,out|d=2086|d=::/0
tcp,udp|in,out|d=2084|d=0.0.0.0/0
tcp,udp|in,out|d=2084|d=::/0...