When adding a new ip to the allow list using csf -a, the rule seems to be isnerted into IPTables, however, its not being honored. We still see blocking messages in syslog.
Rebooting is the only way I have found to clear it. Disabling fasstart did not work, enable/disable did not work.
Hello all!
I have problem with CFS. almal 8.8+DA. CSF shows:
You should consider disabling commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list:
Affected PHP versions:
/usr/local/php56/lib/php.ini...
If an IP starts gobbling up server resources by hitting a website multiple times, can we use CSF to rate limit them ? What I mean is, to slow the resource allocation to that IP if it is hitting the server multiple times.
I currently have an Apache box with linux CentOS7 and I also use Mod Sec.
Hello,
i recently was checking lfd.log ( i am using CSF/LFD with WHM/cPanel) and it caught my eye that although my server is constantly being targeted by potential perpetrators for trying to login by SMTP there are no entries in the lfd.log that indicate that lfd picks up these failed attempts.
Here is a grepped part of my exim_mainlog indicating failed smtp login attempts :
2023-09-13...
RH Linux server
Kernel 3.10.0-1160.88.1.el7.x86_64
WHM/Cpanel 108.0.15
csf v14.17
Things had been working fine but after recent kernel update, upcp script for nightly maintenance does not run properly.
Yum updates fail.
If I drop the firewall, everything runs as it should, but when CSF is back up maintenance fails and exits.
Seems like it is blocking access to repos - MariaDB103,...
Sorry to re-open an old thread but it's related, I added several IPS to the csf.ignore file and this seems to not work as these ips still get blocked by these exim syntax errors. Is there another file I need the IPS in so they are not blocked by CSF?
Thanks
Currently on up to date version V14.19
A few weeks ago I received an email stating that I'm sending requests to rather than for MaxMind database downloads and that in the coming months http is going to be removed.
I believe CSF is doing the http requests to Maxmind as I just checked and found the following:
I know this is my first post here, however I must do it since there is no support for CSF on Help Desk. Long story short I have a few ARM64 servers with AlmaLinux, Alibaba Cloud linux, Ubuntu 22; and CSF and LFD does not function properly. For instance, the CSF service on all of them:
I'm inquiring about the possibility of utilizing CSF to block all bots while allowing an exception for Google bots. Google has kindly provided us with a list of whitelisted IPs at the following links:
Googlebot IPs:
Special Crawlers IPs:
User-Triggered Fetchers IPs:
Google IPs:
I've attempted to research this on various forums but haven't been able to find a solution. Most...
Hello. We have a server with CSF that is not logging iptables blocks to var/logs/messages. Last iptables logs are from december. I tried to restart CSF but not works. I compared CSF configuration with other server that logs iptables well, but there is no differences.
I am using CSF on Debian 11 server, I installed Wazuh agent and I opened ports 1514 and 1515 in TCP OUT in csf.conf and in csf.allow
restart the CSF by csf -ra, also I used csf -f m but the ports still clocked and I see this in syslog
Aug 24 11:46:16 dns kernel: Firewall: *TCP_OUT Blocked* IN= OUT=ens5 SRC=172.31.31.157 DST=X.X.X.X LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=48959 DF PROTO=TCP...
I have 3 servers, the master-server knows of the slaves, the slaves do not know about each other, but they do know about the master.
When i send a csf -cd xxx.xxx.xxx.xxx from one of the slaves, the master-server blocks the IP but does not sync it on the other slave.
How do i configure my servers, so that if i send a csf -cd from one slave to the master, the master then syncs it to the other...
Since latest Ubuntu update (23.04) I've noticed that CSF stopped working correctly. I didn't notice any temp nor perm IP ban. There is also no mail notification about that, but in logfile I see that there is many same connections which are refused after some time/connections. I'm really not sure WHERE is the problem, because before update all seems work well. There is no new changes in...
Hello, I have seen other systems using csf and when your password is incorrect a certain amount of times it brings up a ban screen which you can then complete a captcha to unban. I have enter my captcha details and tried everything I could find on the web nothing works, currently when i get banned I just cant access my whm cpanel or server etc but I cant unban myself. Does anyone know why this...
I was trying to figure out why changes to blocklists and firewall configurations didn't seem to be taking effect. After digging into it more today, I think I have found a potential bug.
When restarting csf and lfd through csf -ra or through the web interface, the web interface reports back that CSF and LFD were restarted, however when checking the service status with systemctl status lfd.service...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum