
lfd Dynamic DNS entries are generating remote access reports

Posted: 01 Jun 2008, 12:13
by MindStar
Hi,

A couple of versions ago, something changed with the way that CSF treats hostnames listed in the lfd Dynamic DNS.

I am now receiving email alerts of the form

    lfd: SSH login alert for user XXXXX from AAA.BBB.CCC.DDD (Unknown)

each time I log in to the server from this IP address, which one of the hostnames listed in the lfd Dynamic DNS list resolves to.

I've double-checked the IP addresses and that I can resolve the dynamic dns hostname on the server. Is there some other configuration option that I need to set?

Thanks.

Posted: 05 Jun 2008, 10:33
by chirpy
That's perfectly normal. The DYNDNS feature allows the IP through iptables, it doesn't affect lfd at all.

Posted: 05 Jun 2008, 11:59
by MindStar
Hmmm. The thing is that it wasn't generating access reports/alerts until recently :confused:

i.e. I could log in from a remote IP that was registered with a DynDNS hostname and CSF did not send an access report/alert.

Posted: 11 Jun 2008, 16:46
by chirpy
That's because the regexes were recently improved to pick up SSH logins correctly.

Posted: 11 Jun 2008, 16:56
by MindStar
OK. Would it be possible to whitelist some or all of the DynDNS hosts?

Thanks.

Posted: 11 Jun 2008, 17:08
by chirpy
Not at present, because lfd doesn't support ignoring of DYNDNS entries - that only applies to csf and the building of the iptables rules. I'll look at adding an option to csf.conf to additionally ignore DYNDNS entries.

Posted: 11 Jun 2008, 17:26
by MindStar
Thanks, I think it could be a popular feature :)

Posted: 12 Jun 2008, 21:51
by MindStar
I see that you've incorporated this into the latest release, and it works a treat. Thanks! :):):)