Search found 39 matches

Search found 39 matches Page 1 of 4
by Black Tiger
09 Oct 2019, 01:44
Forum: General Discussion (csf)
Topic: systemd-logind: Failed to remove runtime directory /run/user/0: Device or resource busy
Replies: 1
Views: 253

Curious about this too. We have a VPS running which has this issue too. About every minute a logfile entry with this. Also tried the commands: [root@vps: ~]# fuser -m /run/user/0 [root@vps: ~]# fuser -a /run/user/0 /run/user/0: [root@vps: ~]# no result, can't find the cause either. So if anyone woul...
by Black Tiger
13 Oct 2018, 13:59
Forum: General Discussion (csf)
Topic: Is safe to change SSH port? Can i tell to CSF what port for SSH is used?
Replies: 5
Views: 823

No as far as I know if you change ports_sshd to a custom port then the custom port will be protected like port 22 was.
by Black Tiger
13 Oct 2018, 13:37
Forum: General Discussion (csf)
Topic: Is safe to change SSH port? Can i tell to CSF what port for SSH is used?
Replies: 5
Views: 823

You're welcome.

CSF does not only log but also blocks the user which makes the attempts. That is the default behaviour.
The mail you get is always to notify you that a user has been blocked because of the attempts.

Or maybe I do not understand you correctly.
by Black Tiger
13 Oct 2018, 02:45
Forum: General Discussion (csf)
Topic: Unblock Outgoing SSH Connection
Replies: 1
Views: 436

I have no issues with this.
You did restart sshd after changing the port and also added the custom port in the tcp_in and tcp_out in csf.conf and restarted csf in the receiving server?
by Black Tiger
13 Oct 2018, 02:31
Forum: General Discussion (csf)
Topic: change command iptables to csf
Replies: 1
Views: 472

If you want to run them after csf has run, then create a file called /etc/csf/csfpost.sh and add the lines in there. If you want them applied before CSF runs, create a file called /etc/csf/csfpre.sh and add the lines in there. In both cases you ofcourse have to restart csf after creating or changing...
by Black Tiger
13 Oct 2018, 02:21
Forum: General Discussion (csf)
Topic: Is safe to change SSH port? Can i tell to CSF what port for SSH is used?
Replies: 5
Views: 823

Oh this is a fun one. Yes ofcourse you can change the SSH port, but do add the custom port in csf.conf incoming and outgoing first, before you start using it. If you also keep port 22 in csf.conf, then CSF will keep monitoring port 22 and you can set up a decent block rule because often they will ke...
by Black Tiger
17 Aug 2018, 14:50
Forum: General Discussion (csf)
Topic: Gmail blocked for dist. smtp logins
Replies: 0
Views: 571

Today several gmail servers were blocked for distributed SMTP Logins on a user account. Fact was this user was sending an invitation from her Gmail address via her domain on our servers to several friends of her. This should not be blocked, because it's a valid login. But several Gmail ip's got bloc...
by Black Tiger
28 Mar 2018, 14:09
Forum: General Discussion (csf)
Topic: Suspicious File Alert
Replies: 3
Views: 5104

You have to bump a 5 year old question for that? Should have created a new thread for it. Next to that, it's easy to find if you read the config file. I would advise against it, but it can be done by setting these settings like this: PT_LIMIT = "0" PT_DELETED = "1" Don't forget to restart csf and lf...
by Black Tiger
09 Jun 2017, 00:43
Forum: General Discussion (csf)
Topic: TCP_IN Blocked portscan : 1 source MAC for differents IP over the world ?
Replies: 1
Views: 738

MAC? Oh yeah. I had the same issue with a Mac user. It might be the same problem your user is having. Mine had an older version of the Mac OS. The older mail version on that OS try's to login in to *any* mail port available when checking for new mail. Combined with the fact that some fools set their...
by Black Tiger
16 Nov 2016, 13:53
Forum: Suggestions (csf)
Topic: LF_TEMPBLOCK_ALERT option
Replies: 1
Views: 955

CSF is great but I'm missing a "LF_TEMPBLOCK_ALERT = x" option. You can use the LF_EMAIL_ALERT or LF_PERMBLOCK_ALERT options, but since permblocks won't be automatically removed (normally) and I do want to be alerted about other options (which I guess more people would like), the tempblock option is...
Search found 39 matches Page 1 of 4