ConfigServer Community Forum

Hi,

I am trying to have CSF/LFD not alert about rpc. I've tried adding the following exe's to the csf.pignore file to no avail:

exe:/sbin/rpcbind
exe:/usr/sbin/rpc.statd

For some reason I am still being bombarded with this alert:

Executable:

/usr/sbin/rpcbind

Command Line (often faked in exploits):

/sbin/rpcbind -w

I also tried adding them as cmd: as well with no difference.... am I...

How can i add in ignore list? i have WHM with me i need guide.

Hi, in this day my server is under spam attack, for this reason i have activated a Gateway guard solution to my MX Records.
Some spam maybe are able to bypass MX record so continue to arrive on my inbox.

I need ask to the CSF Firewall to deny all IP except some IP who will be this MX Guard IP.
How i can do this?

Hi,

I am new here. I have been trying to find my answer through the search function on the forum but cannot find it.
I am blocking traffic from certain countries. Is it possible to redirect that traffic to a specific custom url ?

Thanks,
Marcus

What is the timeout for LFD UI to kick you out to the login screen? It seems very short, is there a way to change it? I tried to migrate some CSF settings from another server over and when I went to save it had already timed out and I had to start again. I did that twice before just saving after every 3rd setting....

csf can be configured so that when a client is blocked by ip itself site will display a message , (AS BEEN BLOCKED IP )

Hello,
We have a VPS with Centos 7.6 and Cpanel/WHM installed. We installed CSF and it worked great until some days ago. The interface in WHM doesn't load and it is showing a blank page.
In the error logs we fond the below:

Below you can find the error log from /usr/local/cpanel/logs/error_log:

warn The subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/configserver/csf.cgi) exited with an...

We're not seeing any issue on a basic server installation of Fedora v30:

# cat /etc/fedora-release
Fedora release 30 (Thirty)
# perl csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing...

I am looking for a field to add a command like cphulk

Is there any existing functionallity? Or can be added?

I need to post remote ip/country/reason/time etc to able to track and build my own blocklist

Hello

The delete CloudFlare command is returning the failure
both at the interface and also at the command line.

CloudFlare Delete xxx.104.28.197 for user(s) SRV12:

Message:
csf - CloudFlare: id failed: 400 Bad Request (SRV12)

- Command line
# csf --cloudflare del xxx.104.28.197 SRV12
csf - CloudFlare: id failed: 400 Bad Request (SRV12)

Regards.

Jean

Hello,

I set CF_ENABLE to 1 and put my api and email to the csf.cloudflare file but csf will not sync csf.deny ips to cloudflare firewall

How to maintain and deploy configurations for CSF firewall for several Ubuntu Linux servers?

Currently I maintain configurations for each server separately on my PC. If and when I make a change or improvement I manually ripple it across all the configurations and upload to my servers. This is error prone and tedious. (A configuration is a set of files such as csf.conf, csf.allow, csf.ignore,...

Hello all,

I tried adding port rules for a specific IP that is present in a BLOCKLIST to access the server. It was added to csf.allow

tcp|in|d=80|s=xx.xx.xx.xx
tcp|in|d=443|s=xx.xx.xx.xx
tcp|out|s=80|d=xx.xx.xx.xx
tcp|out|s=443|d=xx.xx.xx.xx

After reloading the csf, when I ran a csf grep, it shows as below

# csf -g xx.xx.xx.xx

Table Chain num pkts bytes target prot opt in out source...

Hello,

Currently, I have configured the csf service so that if a person makes more than 10 attempts to connect to the pop service with a bad password it is temporarily blocked.
But after 5 temporary blocking it is permanently blocked, I would modify this value in order to increase it.
could you tell me how to do that?

Best regards

hi,

i don't know why CSF block my IP (and many others) without any reasons..

i just logged in , then i tried t upload file using File manager .. my ip blocked.
visitors just vist my website from google , CSF blocked them..

maybe i did some fault config.

please help

Hello,

As we know that the IP address deny file in csf.deny is limited to 1000 ip's
lately i had a massive attacks with over a thousands ip address, my question is.... can i set ip address deny limit in csf.deny over than 1000 ip's...?

Thank you

Hi,

csf.conf is using maxmind geolite2 country, but this is not available anymore from 2 Jan 2019.

Any fix?
(using it for CC_ALLOW/CC_DENY)

Thank you.

Hiya all,

I just noticed this happening since today and I don't know what's going on. See the log below:

Apr 25 17:28:46 arabier lfd : (WordPress) Failed wordpress login from 88.68.42.8 (DE/Germany/dslb-088-068-042-008.088.068.pools.vodafone-ip.de): 5 in the last 3600 secs - *Blocked in csf* for 86400 secs
Apr 25 18:35:35 arabier lfd : Incoming IP 88.68.42.8 temporary block removed
Apr 25...

Hi All,

I'm getting hourly Log Scanner Reports --

lfd on xxx.xxx.xxx: Log Scanner Report for 15:00, (lines:144)

I would like to turn these off if possible, does anyone know if this can be done?

Thanks!

Hello,
i have a vps (kmv) and i would block all incoming connections outside Italy.

this server is
Centos 7 + cpanel

so i disable cphulk and install CSF.
then install
yum -y install ipset

my CSF conf is:
...
CC_ALLOW_FILTER = IT
...
LF_IPSET = On
...
FASTSTART = Off
...

restart CSF , i tried reboot server also but i can connect from another my server located in France.

if i disable LF_IPSET...