Server details
CentOS 7.9.2009
cPanel v98.0.4
csf v14.10
Error: cURL error 28: Operation timed out after 10001 milliseconds with 0 bytes received (http_request_failed)
/var/log/lfd.log
[root@the ~]# tail -f /var/log/lfd.log
Aug 17 07:42:18 the lfd[30210]: *Suspicious Process* PID:27726 PPID:32441 User:nobody Uptime:31997 secs EXE:/usr/sbin/nginx CMD:nginx: worker process
Aug 17 07:56:20 the lfd[1555]: *Suspicious Process* PID:27071 PPID:2883 User:klightpt Uptime:1364 secs EXE:/opt/cpanel/ea-php73/root/usr/sbin/php-fpm CMD:php-fpm: pool klight_pt
Aug 17 08:16:23 the lfd[5755]: *Suspicious Process* PID:27734 PPID:32441 User:nobody Uptime:34041 secs EXE:/usr/sbin/nginx CMD:nginx: worker process
Aug 17 08:19:23 the lfd[6380]: *Suspicious Process* PID:4362 PPID:2868 User:kawaii Uptime:588 secs EXE:/opt/cpanel/ea-php74/root/usr/sbin/php-fpm CMD:php-fpm: pool everything-kawaii_com
Aug 17 08:20:43 the lfd[6957]: *WHM/cPanel root access* from 76.30.85.241
Aug 17 08:24:24 the lfd[8027]: *Suspicious Process* PID:7099 PPID:2868 User:kawaii Uptime:191 secs EXE:/opt/cpanel/ea-php74/root/usr/sbin/php-fpm CMD:php-fpm: pool everything-kawaii_com
Aug 17 08:25:24 the lfd[8306]: *Suspicious Process* PID:27732 PPID:32441 User:nobody Uptime:34583 secs EXE:/usr/sbin/nginx CMD:nginx: worker process
Aug 17 08:26:24 the lfd[8508]: *Suspicious Process* PID:27728 PPID:32441 User:nobody Uptime:34643 secs EXE:/usr/sbin/nginx CMD:nginx: worker process
Aug 17 08:26:24 the lfd[8508]: *Suspicious Process* PID:27731 PPID:32441 User:nobody Uptime:34643 secs EXE:/usr/sbin/nginx CMD:nginx: worker process
Aug 17 08:26:24 the lfd[8508]: *Suspicious Process* PID:27735 PPID:32441 User:nobody Uptime:34643 secs EXE:/usr/sbin/nginx CMD:nginx: worker process
[root@the ~]# tail -f /var/log/messages
Aug 17 08:29:12 the kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=199.195.252.240 DST=51.79.120.33 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=40847 DPT=9090 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 17 08:29:12 the kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=194.163.163.115 DST=51.79.120.32 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27284 PROTO=TCP SPT=42136 DPT=76 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 17 08:29:14 the kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=158.51.124.129 DST=51.79.120.34 LEN=76 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=UDP SPT=60593 DPT=123 LEN=56
Aug 17 08:29:14 the kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:eb:40:08:00 SRC=144.86.173.24 DST=198.27.68.30 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=51053 DPT=3000 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 17 08:29:15 the kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=92.222.186.1 DST=51.79.120.44 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57781 SEQ=1
Aug 17 08:29:15 the kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=92.222.186.1 DST=51.79.120.41 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57781 SEQ=1
Aug 17 08:29:15 the kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=92.222.186.1 DST=198.27.68.30 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=57781 SEQ=1
Aug 17 08:29:15 the kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:eb:40:08:00 SRC=167.114.37.1 DST=51.79.120.40 LEN=32 TOS=0x00 PREC=0x00 TTL=12 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37070 SEQ=1
Aug 17 08:29:17 the kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:eb:40:08:00 SRC=74.120.14.93 DST=51.79.120.44 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=55021 PROTO=TCP SPT=38150 DPT=51000 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 17 08:29:17 the kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:eb:40:08:00 SRC=167.114.37.1 DST=51.79.120.44 LEN=32 TOS=0x00 PREC=0x00 TTL=12 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37070 SEQ=1
Aug 17 08:29:18 the kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=45.146.165.208 DST=51.79.120.45 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=37186 PROTO=TCP SPT=46854 DPT=3514 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 17 08:29:19 the kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=92.222.184.1 DST=51.79.120.37 LEN=32 TOS=0x00 PREC=0x00 TTL=9 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=54539 SEQ=1
Aug 17 08:29:20 the kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=204.42.253.130 DST=51.79.120.46 LEN=66 TOS=0x00 PREC=0x00 TTL=49 ID=33633 DF PROTO=UDP SPT=36694 DPT=161 LEN=46
Aug 17 08:29:20 the kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=204.42.253.130 DST=51.79.120.46 LEN=66 TOS=0x00 PREC=0x00 TTL=49 ID=33634 DF PROTO=UDP SPT=36694 DPT=161 LEN=46
Aug 17 08:29:20 the kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:eb:40:08:00 SRC=184.105.139.91 DST=51.79.120.44 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45706 DPT=11211 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 17 08:29:21 the kernel: Firewall: *ICMP_IN Blocked* IN=eth0 OUT= MAC=70:54:d2:1a:86:58:6c:9c:ed:ba:ec:40:08:00 SRC=167.114.37.1 DST=51.79.120.33 LEN=32 TOS=0x00 PREC=0x00 TTL=12 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=37070 SEQ=1