ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

csf.ignore doenst work with /24 or another CIDRs..

https://mail.forum.configserver.com/viewtopic.php?t=10763

Page 1 of 1

csf.ignore doenst work with /24 or another CIDRs..

Posted: 29 Mar 2018, 23:30
by PVasileff
Such as [url viewtopic.php?f=6&t=10685 ....

I have some case but with csf.ignore.

When setting up CIDR, like /24, /19 etc.. and restart lfd and csf and after that I trying to login in myhostname.com/cpanel with wrong user/pass - lfd block my ip addrss (that it part from ignored CIDR) - like a boss :)

Code: Select all

Mar 29 22:58:38 myhostname lfd[3865]: (cpanel) Failed cPanel login from 192.168.1.12 (BG/Bulgaria/192-168-1-12.ip.host-net.bg): 5 in the last 3600 secs - *Blocked in csf* [LF_CPANEL]
.When I put only IP address in csf.ignore file - like:

192.168.1.12 # my pc - mega tests

and restart csf and lfd and trying again to login with wrong creditionals on cpanel - in lfd log i see:

Code: Select all

Mar 30 00:21:27 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
Mar 30 00:21:27 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
Mar 30 00:21:27 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
Mar 30 00:21:32 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
Mar 30 00:21:32 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
May be that is a bug in csf.pl file..
Please provide a CSF version with working Network blocks/Allows/Ignores support...]here[/url]: I have strange case with csf.ignore.

When set in /etc/csf/csf.ignore:

Code: Select all

192.168.1.0/24 # Blocked network
or

Code: Select all

192.168.1.0/24
network and restart lfd and csf and after that I trying to login in myhostname.com/cpanel with wrong user/pass - lfd block my ip addrss :)

Code: Select all

Mar 29 22:58:38 myhostname lfd[3865]: (cpanel) Failed cPanel login from 192.168.1.12 (BG/Bulgaria/192-168-1-12.ip.host-net.bg): 5 in the last 3600 secs - *Blocked in csf* [LF_CPANEL]
[/i]

..
When I put only IP address in csf.ignore file - like:

Code: Select all

192.168.1.12 # my pc - mega tests
and restart csf and lfd and trying again to login with wrong creditionals on cpanel - in lfd log i see:

Code: Select all

Mar 30 00:21:27 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
Mar 30 00:21:27 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
Mar 30 00:21:27 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
Mar 30 00:21:32 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
Mar 30 00:21:32 myhostname lfd[1536]: Failed cPanel login from 192.168.1.12 - ignored
[/i]

May be that is a bug in csf.pl file..
Please provide a CSF version with working Network blocks/Allows/Ignores support...

Re: csf.ignore doenst work with /24 or another CIDRs..

Posted: 30 Mar 2018, 09:26
by ForumAdmin
We're unable to replicate any such problem:

Code: Select all

#grep 192.168.1.12 /etc/csf/csf.ignore
192.168.1.0/24

Code: Select all

#grep 192.168.1.12 /usr/local/cpanel/logs/login_log
[2018-03-28 14:33:15 -0300] info [webmaild] 192.168.1.12 - teste@domain.com.br "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN webmaild: user password incorrect

Code: Select all

# grep 192.168.1.12 /var/log/lfd.log
Mar 30 09:22:04 homer lfd[2373]: Failed cPanel login from 192.168.1.12 - ignored
So the problem would appears to be with your configuration.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited