i need to do some thing after a csf update was successful.
Therefore i disabled the autoupdate and call the update by hand with csf -u.
Is it possible to get different return codes or something like this to know if there where no update (because latest version is installed) or if a new version was installed?
As alternative solution it would be great if i can configure an...
As a theoretical question assuming:
1) regex.custom.pm is properly formatted and without errors;
2) a log file in text format exists with one entry per line of failed logins;
3) csf has the proper log file identified as CUSTOM1_LOG in csf.conf;
4) Am I missing something?
Then csf should be able to block at the firewall a malicious user hammering away at an application login screen, said...
I've been reading the forums and the readme and I cannot get this sorted out. I have a server running Ubuntu Landscape and the following four command line items keep triggering CSF for excessive research usage:
We use CSF+LFD on all of our Linux based servers of which are endpoints, in that they are not required to do any IP forwarding/routing. (We'd use Shorewall for that.) This includes our internal office servers.
We also use two Unbound instances as our office DNS resolver, particularly as we have various internal only DNS mappings we need to establish.
I just had a new server created CentOS7 / EA4 with Apache 2.4/PHP5.6
The previous server was CentOS6.9 / EA 3
Both with CSF of course, and settings copied from the old to new.
I've run into a problem with some php backup scripts that send a mysql dump file offsite.
The scripts (which have been running for years on the old server) are failing around the ftp connection and transfer.
I ' d like to know if inside:
/etc/csf/csf.conf
I can use the following syntax for file globbing:
...
...
# Log file locations
#
# File globbing is allowed for the following logs. However, be aware that the
# more files lfd has to track, the greater the performance hit
#
# Note: File globs are only evaluated when lfd is started
#
...
...
APACHE_LOG = /var/www/vhosts/*/*/logs/*_log...
for many years i used this rules and it worked but recently i found it stop working, eg, i removed port 22 from csf config to block global access to this port, and added some IPs to whitelist csf.allow to able to access this port. only some IPs. everything worked as well but recently i found this port is open to all. i restarted csf, it fixed but after some days when i tested from a random IP...
I'm using a third party mail server to send emails for the domains hosted on the VPS. They provide MX, TXT, CNAME records (without any IP address) to add in the DNS zone file for each domain, which I did successfully and emails are being sent by the PHP script using SMTP authentication.
Thus, I have disabled all email related services (Postfix, Dovecot, etc.). As a result, I'm not getting system...
I had hundreds of http connections from the abusive IP and added IP to csf.deny. Apache status page however continued showing connections from this IP. I restarted services and killed processes without any luck. I had to add IP to CloudFlare firewall to stop the connections. Is there a certain attack rate that makes CSF and software firewall useless for this case?
I am having an issue with Cloudflare. However I do not have the Cloudflare option enabled in CSF. I don't want to send blocked IPs to Cloudflare since it's just a free account anyway and I don't like all the other restrictions I saw in the readme file. I just wanted to use Cloudflare for caching. Herein lays the issue.
There is only one website on this server and it's a WordPress site....
I started using regex.custom.pm several years ago, with great success.
However, for reasons unknown, it stopped working over a year ago. The regex.custom.pm didn't change. There have been changes to csf.conf, including automatic update changes. However, I have a copy of the conf file saved some months before the regex script stopped working, and the only difference I can see in the latest conf...
We have CSF installed on our server and it seems to block mail coming from our billing system. I have configured it to allow the SMTP PHP mail to go through. It starts working for a few days then starts blocking again. I have to reboot the CSF services for it to start working again then it does the same thing a few days later.
Hi, I am using csf: v13.06 on WHM server (CentOS Linux release 7.7.1908 (Core)).
It seems I am no longer receive email alert whem someone access through WHM or cPanel.
My IP is not listed csf.allow or csf.ignore .
My relevant config is:
Hoping someone can provide a quick answer to this.
I've installed csf on amazon linux 2 latest version. When attempting to start it it's failing with the following message:
Oct 07 15:32:54 dev-ci-single-11.189 csf : open3: exec of is-active firewalld failed at /usr/sbin/csf line 906.
Oct 07 15:32:54 dev-ci-single-11.189 systemd : csf.service: main process exited, code=exited,...
I recentley added the Firehole Level 1 block list (4400 IPs which is a combination of block lists. I'm surprised I'm not seeing any blocks from it in the log. Do I need to change a setting to log blocks from block lists?
I have a Wordpress site that uses a different admin login username. Somehow the new username got broadcast to whatever hackers get their known usernames for a site from as now I can see in my Wordpress logs there are frequent failed logins for this username from different IP addresses. I believe all brute force attacks have to be based on detecting login attempts from the same IP address and...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum