ConfigServer Community Forum

Dear All,

i have a little problem with CSF when i enable CSF in the server i have this results with the dns report

if i disable all result is ok

waiting for your help

Regards

I'm trying trying out CSF using vagrant to test out how it works and testing out the configuration I need to do before I apply to my actual VMs.

I deployed two sandbox VMs. 192.168.33.10 (with CSF) and 192.168.33.11 (VM that will try to brute force SSH to 192.168.33.10)

Given /etc/csf.allow

10.10.10.10
192.168.33.1
172.16.1.1/29
192.168.33.11

And /etc/csf.ignore

127.0.0.1
10.10.10.10...

Is there a way I can block all countries except the USA?
Is there some way to allow blocked countries to access http: https to view the websites but not allow any other connections? (services i.e. ssh, email, ftp, cpanel, whm, etc)
today and tonight there is constant hacking, all of it is over seas.
server is blocking it. but I was wondering if I could put a stop to it.
thank
Robert

I keep seeing dozens, sometimes hundreds of class B or C IP's coming to the server with 1 connection with no real performance impact. I never let them stay connected long enough (or they don't) to dig deep into what they are actually doing (I need to thought).

My question is, is there a setting in CSF to watch for a scenario like this and block that B or C class block. This latest one is from...

Hi,

We are facing last 1 week our multiple server frequently 443 port is not accessible, When ever port is not accessible once we restart csf then its start working.

Please help us what was the issue and how we can fix it in all the server?

Hi all,

I have started to receive emails from my server like a week ago about suspicious file running on my server. This is an example email sent to me by CSF.

lfd on frodo,.em4hosting.com: Suspicious File Alert

File: /tmp/f7d5859d3fd2dc6
Reason: linux binary
Owner: em4hosting:em4hosting (1003:1005)
Action: No action taken

The system keep sending the same mail several times a day. How can i...

Hi,

Receiving a ton of SSH login alert emails for genuine and approved logins - how can I turn off these login alerts completely, or add a list of IP addresses that won't trigger these alert emails:

lfd on example.com: SSH login alert for user root from 1.1.1.1

Tried changing LF_SSH_EMAIL_ALERT to = 0 in csf.conf - but that has no effect. RESTRICT_SYSLOG is also set to = 0 , so not sure if...

Hello, I recently tried to install CSF in cPanel servers and cPanel DNS Only and I got the same error every time I edit the configuration file for the csf firewall and lfd:

cPanel v78.0.12
ConfigServer Security & Firewall - csf v12.09
Linux version 3.10.0-957.5.1.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Fri Feb 1 14:54:57 UTC...

What exactly do the options for Docker do in the configuration? There is no documentation for this.

Initially they seem to work but I'm not even sure if this is CSF not working at all because once you hit csf -r it seems this breaks something on a permanent basis as you cannot start any container anymore, giving an error about iptables no chain/target by that name.

I have tried for hours to...

I had issues with a weird attack so I've installed mod_qos on a cPanel server.
It seems to work:

# cat /var/log/apache2/error_log | grep qos
AH00489: Apache/2.4.39 (cPanel) OpenSSL/1.0.2s Apache mod_bwlimited/1.4 mod_qos/11.63 configured -- resuming normal operations
AH00489: Apache/2.4.39 (cPanel) OpenSSL/1.0.2s Apache mod_bwlimited/1.4 mod_qos/11.63 configured -- resuming normal operations...

Hello,

I'm missing the System Statistics I had with cPanel now that I'm using Directadmin. CSF support told me to ask here as it's a free product and they don't offer any support. Do you know how to fix this? I'm talking about the stats where you can see CPU/memory/etc.

I installed Perl modules and everything it's working correctly.

Thank you.

I know how to update csf the command csf -u, and also I know how to auto update CSF by modifying the config file /etc/csf/csf.conf.

But I don't want to auto update, as a server administrator, the best thing to manage system is to receive notification and manually update. So, is there any command to check if latest version is available? like csf -check_update. I want to create cronjob for this....

Hi, i have this warning:

*WARNING* Cannot use DROP_OUT value of [] on this server, set to DROP

How i can fix this?

Thanks.

Marco

I installed csf & lfd, and osm on my server. I was trying to troubleshoot a spam issue (the server was sending spam), and these tools were very helpful in identifying where the issues might be. I already knew which cPanel account was responsible, and by searching the System logs in the ConfigServer Security & Firewall plugin section in the WHM, I was able to determine which scripts were likely...

After upgrade debian stretch to buster csf is enable but stopped.
I tried a fresh install of csf but same problem.
What's going on ?
Please help.

We are trying to cut down on the number of emails of logs that we receive and are attempting to move everything to pipe all logs from a stack to papertrail. Is it possible to do this for the csf, lfd, cxs, rootkit logs?

Hello,
I have started receiving calls that clients websites are not accessible from countries which are not on my CC_DENY list. For example Canada. Looking through my logs I am seeing the following lines, repeated multiple times:

Jul 30 09:11:28 server1 lfd : CC: Processing GeoLite2 CSV Country/ASN database
Jul 30 09:11:31 server1 lfd : CC: Extracting zone from GeoLite2 CSV Country/ASN database...

Hello,

I want to config my CSF on Debian to block failed logins for Wordpress websites.

I have a lot failed logins everyday and Im wondering how to block it as if 10 logins failed IP is blocked for several days.

This will help me to solve spammers attack to my websites on Wordpress.

Can you give advide which settings should I change and what values will be good for that case?

Kindly...

Hello,

I am getting serious problem with UDP i am getting a lot of UDP outgoing traffic which makes my server went down and my provider won't allow these kind of traffic at all so when this happen server IP went into nulled routed which cause a lot of issue to my clients. I need your help to sort this thing out. Below you will find logs.

out: 173.208.255.5 168.62.170.227:48658 -...

Hi,
recently I get emails like the following email, There are blocked UDP_OUT with different ports to some IP addresses which those are blocked
How can I trace where is the problem and which accounts do such connections?
It seems there are some scripts which try to connect to the output, but I couldn't find which accounts do this
Appreciate for any help

Title: lfd on XXXXXX.com: UID 25 (named)...