execute usr/sbin/csf -d within a php script

Posted: 11 Jul 2013, 20:44
by Karel
I'm trying to figure out a way to add IP addresses to the csf.deny list by means of a PHP script.
My first approach was to directly write to csf.deny from my PHP script. But I figured that it was better to use /usr/sbin/csf -d x.x.x.x because the IP is then directly blocked.

<?php
// some code to retrieve an abusing IP address.
exec("/usr/sbin/csf -d x.x.x.x");
?>
But the above is not working.
Tried with shell_exec and some other commands too.

My PHP file has ownership root 4711

Any suggestions?

Re: execute usr/sbin/csf -d within a php script

Posted: 21 Jan 2015, 19:45
by Grindlay
I know this is a fairly old post but I've been looking for the answer to the same question.
The difficulty (I think) is that you need to be root to call the command-line CSF configuration utility e.g.

csf -d 11.22.33.44 Added because I don't like them
Most PHP scripts will run either as Apache, Nobody or the owner of the site.
If you use exec() or shell_exec() in your script, you just get a permission error.
An option is to put the script in a cron job and run every 15 mins but what if you are being attacked and want to block the offending IP(s) immediately ?

Re: execute usr/sbin/csf -d within a php script

Posted: 21 Jan 2015, 23:06
by Grindlay
Okay, here's my solution, hopefully someone can sanity-check it.
I should say my server uses suPHP so my sites run with permissions of their owners.
The best approach seems to be to allow your web user to sudo the command.
Step 1 : I create a file /etc/sudoers.d/webuser with one line :

webuser ALL=NOPASSWD: /usr/sbin/csf

Please note (a) this requires /etc/sudoers to have the line :

#includedir /etc/sudoers.d

and (b) I recommend using visudo to make sure you don't break your sudoers file.

This allows my webuser to do stuff like

shell_exec("sudo /usr/sbin/csf -d");
Step 2 : create a function to add an IP and comment :

function AddIPToCSF($ip, $comment) {
    // Refuse anything that is not a plain IP address; otherwise a crafted value
    // could smuggle extra shell tokens or csf options into the command line.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return "<p>Invalid IP address</p>";
    }
    // Quote both arguments so the shell passes them to csf verbatim.
    $s = "sudo /usr/sbin/csf -d " . escapeshellarg($ip) . " " . escapeshellarg($comment);
    $output = shell_exec($s);
    return "<p>" . htmlspecialchars((string) $output) . "</p>";
}
Step 3 : Call this function when needed e.g.

<?php
  require_once("../path_to_function");
  $ip = "112.215.66.76";
  $comment = "Added, random hacker/injection attempt etc";
  $res = AddIPToCSF($ip,$comment);
  echo $res;
?>
The implication for security is that in theory, any malicious web script can use the CSF command line options which are very powerful and could disable CSF completely - am I right ?

Re: execute usr/sbin/csf -d within a php script

Posted: 21 Jan 2015, 23:30
by Karel
Thanks for posting your solution. I certainly will try it out.
Grindlay wrote: The implication for security is that in theory, any malicious web script can use the CSF command line options which are very powerful and could disable CSF completely - am I right ?
You're right about that. But you can minimize risk if you're not using this on shared servers.

Re: execute usr/sbin/csf -d within a php script

Posted: 26 Apr 2022, 01:48
by theozsnowman
I know this is a few years old but will this still work with current CSF setup etc?

I need to send IPs to the firewall from a shopping cart when a Honeypot or Brute Force is triggered

Re: execute usr/sbin/csf -d within a php script

Posted: 02 May 2022, 06:34
by Sergio
Hi.
The best way is to add your own rule to /usr/local/csf/bin/regex.custom.pm
Per CSF readme file:
You can also add your own login failure tracking using regular expression
matching. Please read /usr/local/csf/bin/regex.custom.pm for more information
If you know what the log output of the Honeypot or Brute Force is, then you can create your own rule using that info.
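A worked version of the rule Sergio describes, as an added example that is not part of the original thread or of the CSF project. It assumes (hypothetically) that the shopping cart appends one line per event to a log file that csf.conf names in CUSTOM1_LOG, with lines of the form "shopcart honeypot ip=<addr>" or "shopcart bruteforce ip=<addr>"; the return tuple follows the commented example in the shipped regex.custom.pm (description, IP, unique rule id, trigger count, ports, permanent flag or seconds). With this approach lfd does the blocking as root and the web user never needs sudo to csf at all, which removes the risk raised earlier in the thread of a malicious script running other csf options.

```perl
#!/usr/bin/perl
# Custom lfd rule for /usr/local/csf/bin/regex.custom.pm (added example).
# Assumption: the cart's security log is configured as CUSTOM1_LOG in csf.conf.
# When pasting into the real file, copy only the two "if" blocks into
# custom_line; the shipped file already provides the sub header and %globlogs.
use strict;
use warnings;

our %globlogs;   # supplied by lfd in the real file; declared here for the self-test

sub custom_line {
    my $line   = shift;
    my $lgfile = shift;
    # do not edit above this line

    # Honeypot form field filled in: a human never does this, so a single hit
    # is enough to block the address permanently on all ports.
    if (($globlogs{CUSTOM1_LOG}{$lgfile})
        and ($line =~ /\bshopcart honeypot ip=(\d{1,3}(?:\.\d{1,3}){3})\b/)) {
        return ("Shop honeypot triggered from", $1, "shophoneypot", "1", "*", "1");
    }

    # Repeated login failures: block after 5 hits, web ports only, for 3600 seconds.
    if (($globlogs{CUSTOM1_LOG}{$lgfile})
        and ($line =~ /\bshopcart bruteforce ip=(\d{1,3}(?:\.\d{1,3}){3})\b/)) {
        return ("Shop brute force from", $1, "shopbrute", "5", "80,443", "3600");
    }

    # do not edit beyond this line
    return 0;
}

# Self-test on constructed log lines. Runs only when this file is executed
# directly (perl regex_example.pl), not when lfd loads it as a module.
unless (caller) {
    my $lg = '/var/log/shopcart-security.log';   # hypothetical CUSTOM1_LOG path
    $globlogs{CUSTOM1_LOG}{$lg} = 1;
    my @lines = (
        '2022-05-02T06:34:00+00:00 shopcart honeypot ip=198.51.100.23 field=website',
        '2022-05-02T06:34:05+00:00 shopcart bruteforce ip=198.51.100.24 user=admin',
        '2022-05-02T06:34:09+00:00 shopcart checkout ok ip=198.51.100.25',
    );
    for my $l (@lines) {
        my @r = custom_line($l, $lg);
        print @r > 1 ? "match: rule=$r[2] ip=$r[1] trigger=$r[3] ports=$r[4]\n"
                     : "no match\n";
    }
}
1;
```

The cart side then only has to write a line to that log file (append-only, owned by the web user) when the honeypot field is filled in or a login threshold is crossed; lfd tails the file and applies the rule. Set LF_TRIGGER related options and CUSTOM1_LOG in csf.conf, then restart lfd so it picks up the new rule.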