I have set up a modsec script to help protect my wp-login.php file. Essentially the script that I've found will block access for the offending IP address for 5 minutes upon 10 failed login attempts over a 3 minute duration.
I'd like to utilize the LF_MODSEC portion of CSF to add them to the iptables firewall so that they're blocked right at the front door.
We allow remote MySQL access for a specific IP address by adding a rule to the csf.allow file as follows:
d=3306|s= #
This has been working fine for a couple of years now.
However, for the past few days we have had multiple complaints that MySQL access is blocked. When checking the logs I see these entries, indicating that the port is blocked. I have seen multiple cases of this, on...
OK I know, CSF is an IP-based firewall, but we are already working with domain names in csf.dyndns.
Could we get something like csf.blockeddomain that will work the other way?
Check every 10 min what IP the domain has and add it to the block list?
Hi, I'm looking at logs and finding that src IPs are looking for trouble, but they are spreading their attack times to a couple of tries over a spread of minutes. Cannot find a way in csf config to set a ban for this. Here is a sample of the syslog to show what I'm seeing (pruned the log down for viewing):
I have CSF configured to block SMTP Auth attacks, syntax errors, and POP3/IMAP access attempts. However, none of those appear to be being blocked at present and only SSH attacks appear to be blocked. I've double checked my configuration and it appears to be correct, but it's like CSF is ignoring it. I installed the software with cPanel but that shouldn't be the reason for that, I wouldn't think....
Hello to all,
For the last few weeks, when I try to install a WordPress from a cPanel account, I receive this error:
WordPress was installed with errors:
Downloading and unpacking
Impossible to download pack 6.7.1 from
If I stop or restart CSF, it works for a few minutes, but then blocks again.
In TCP_IN and TCP_OUT, ports 80 and 443 are listed.
Hi, bit new to using ConfigServer and wondered how I can change the sensitivity of the IMAP filters to allow for more failed IMAP login attempts or change the time period.
We are getting quite a few genuine login attempts but they are failing after 10 attempts.
Is there some setting that after a certain time period can automatically unblock the failed IP address trying to login to IMAP?
So the...
Hello, I always receive tons of lfd email alerts.... 500 alerts and more a day.
I've tried many solutions: PT_user =0, disabling email alerts in csf.conf,
putting some processes in csf.pignore.
I tried all the solutions found on the web but nothing works.
Always tons of emails with alerts from lfd.
I have Plesk and Linux, so no GUI, no cPanel, but all commands via SSH.
I cannot filter email to not send via plesk...
| SYSTEM INFORMATION | |
|---|---|
| OS type and version | AlmaLinux 9.5 |
| Webmin version | 2.202 |
I will likely post this also at the Webmin forums, but just in case it's relevant here, I saw a number of errors and if CSF supply the Webmin install template, a small layout issue after following the...
I have been trying to configure CSF and Docker under a Plesk server. There are many posts in forums reporting that when Docker creates a NAT redirect to certain port, that port is exposed to the entire world.
I tried to use this csfpost tool but apparently it hasn't worked.
In some way, installing netfilters tool for saving iptables rules I have managed to store a set of iptables rules...
In searching here I was unable to see whether CSF is compatible with nftables. I only found info on iptables-nft.
My application is cPanel servers running AlmaLinux, on which firewalld is installed and running on nftables. My question is simply will CSF drop in to that system and run fine? (I would assume yes, that nftables is fully supported, and that no tweaks are needed. But I didn't find the...
Can someone provide a regex that handles this line in /var/log/secure? I tried a couple of things, and don't seem to get it, even trying to copy and adapt one that's already there. Here's the line:
Nov 11 13:00:01 boston systemd : pam_unix(systemd-user:session): session opened for user root(uid=0) by root(uid=0)
I have blocked the IP address 128.245.64.22 in CSF:
Table Chain num pkts bytes target prot opt in out source destination
No matches found for 128.245.64.22 in iptables
IPSET: Set:chain_DENY Match: 128.245.64.22 Setting: File:/etc/csf/csf.deny
Permanent Blocks (csf.deny): 128.245.0.0/16 # do not delete