ConfigServer Community Forum

Hi Everyone,

I'm trying to configure CSF to cluster 3 servers, I want server 1 to be the master and then the other two servers to share information.

###############################################################################
# lfd Clustering. This allows the configuration of an lfd cluster environment
# where a group of servers can share blocks and configuration option changes.
# Included...

Hello,
LFD do NOT recognize matching mod_security rules from Imunify.

We tested with many imunify rules with LF_MODSEC directive and DEBUG directive enabled in csf.conf.

Imunify mod_security rules are not counted neither ignored.

Tested with:

Imunify 4.5.6-1
CloudLinux 7.7
cPanel 11.84
CSF 14.02

Example.
In csf.conf
LF_TRIGGER= 0
LF_MODSEC= 10
LF_MODSEC_PERM= 1

Our custom rule matched:...

Hi,

I installed a docker on my machine, running a Discourse instance.

On the host machine, lfd coninues to call out Excessive Resource usage for some commands that I really think are coming from the docker.

Examples:

Executable: /usr/local/bin/ruby
Command Line: unicorn worker -E production -c config/unicorn.conf.rb
---
Executable: /usr/local/bin/ruby
Command Line: unicorn master -E...

yesterday i block ip 62.109.24.84 it work but today this ip still attach my server, then i block this ip again, can you suggest me.

Thank you

We are using the csf RELAYHOSTS setting to prevent lfd from creating temporary firewall entries for customers who successfully check email. We are not on cPanel, so the setting isn't normally there, but it works well. We have a separate daemon that maintains /etc/relayhosts with the IPs of recent successful connections.

The problem is that during a csf upgrade it seems to strip the RELAYHOSTS...

Hi

I'm in the process of moving from Apache to Nginx, but I can't seem to get the new regex rules working for Nginx.

My rule for 404 flood detection is here:

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /.*No such file or directory\), client: (\S+),.*/)) {
return ( NGINX Security rule triggered from ,$1, nginx_404s , 4 , 80,443 , 86400 );
}

An example log is here:

2020/03/08...

Hi,

I was looking through settings, and documentation, and i could not find, any wy to disable just mail of Excessive resource usage . Is that even possible ?

Asking as i want to switch using log reports instead, and do not want completly disable time and resource usage tracking of processes.

I have a sandbox server that mimics my live site. We have some CRM systems that make outbound connections to smtp servers on port 995. And since our sandbox is sync'd/refreshed regularly with our live site, I've blocked outbound port 995 on our sandbox to prevent the sandbox copy of the live servers from accidentally ever retrieving customer email from our POP servers. I can't disable the cron...

I just saw in configserver's blog the following notice:

We are deprecating support for Virtuozzo/OpenVZ servers. Future releases will not take into consideration those platforms which have become onerous to support. The software application may continue to work but support and functionality is no longer guaranteed

Is this about Virtuozzo/OpenVZ hosts or containers?

I'm seeking ideas for the most native way to create a configuration to make LFD ignore all IP addresses within a specific Autonomous System Number.

The use case is this: I don't want to block legitimate web crawlers on my server which may trigger failure logs due to HTTP 403's and HTTP 404's. This is frequently a common behavior for websites I host with many pages, which are crawled by search...

Hello,

Receiving the following:

Time: Thu Mar 5 09:02:42 2020 -0500
Account: openvpn_as
Resource: Process Time
Exceeded: 1832 > 1800 (seconds)
Executable: /usr/bin/python2.7
Command Line: /usr/bin/python2 -c from pyovpn.cserv.wserv_entry import start ; start() -no -u openvpn_as -g openvpn_as --pidfile /usr/local/openvpn_as/etc/tmp/wserv.pid -r epoll
PID: 7125 (Parent PID:7104)
Killed: No

Do I...

Hi All
Since several days ago my log files show the following error /usr/sbin/csf -u
I have two similar servers and both have same error each nigth at the same hour so it looks like some update proccess cannot be completed
I did not find any information on the forum about -u command
Regards

Hi,
I am using the Config server firewall on CentOS. My question is how to configure csf to allow IPv6 connection(FTP,SSH)??
(If i connect through ipv4 it is working but incase of IPv6 it is not working)

hello

My problem is that when connecting to ftp if csf is enabled, ftp cannot be connected
But if ip in csf allow the connection is established !
How to fix a problem that connected to ftp without having to allow ip in csf?

thanks ...

Hello i have many e-mail with this alert, i didnt find nothing about it. How can i solve?

Time: Sat Feb 29 11:17:48 2020 +0100
File: /dev/shm/\i360_blamer_reducer423.u1025
Reason: Suspicious file name
Owner: user:user (1025:1028)
Action: No action taken

Hi,

I am receiving an error when attempting to access the interface. I am getting a 500 Internal Server Error:

No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/configserver/csf.cgi): The subprocess reported error number 72,057,594,037,927,935 when it ended. The process dumped a core file.

I rebooted the server but that didn't solve the issue.

I checked available disc space,...

Good morning,
I apologize in advance if there is already a topic like this, I have searched but have not found it.

I use csf on an AZURE servers, they blocks outgoing mail on port 25.
Is there a way to use notifications and alert with user logged in on another server?

thanks for helping.

Davide Sanryu

An end user is using an email client (like Thunderbird) and are able to receive/send emails just fine, but then after a while, their IP address gets blocked by CSF. The entry for the block in csf.deny is like this:

lfd: (smtpauth) Failed SMTP AUTH login from XXX: 10 in the last 3600 secs

The end user is insisting they have the correct login details and its proven by the fact that they are...

hello

i use whm/cpanel , also last weeks i receive lot of amil notification like :
lfd on servers.site.com: Excessive resource usage: host (24147 (Parent PID:1817))

Time: Wed Feb 26 18:48:07 2020 +0100
Account: host
Resource: RSS Memory Size
Exceeded: 331 > 256 (MB)
Executable: /opt/cpanel/ea-php72/root/usr/sbin/php-fpm
Command Line: php-fpm: pool host_us
PID: 24147 (Parent PID:1817)
Killed:...

Hi,

Is a csf restart required to load new blocklist rules into iptables?

We're currently using csf.blocklist to download blocklists every hour. The logs show the updated lists are successfully downloaded and added via IPset. However the new IP addresses do not seem to come into effect until CSF/iptables is restarted.

Is this the correct behaviour?