ConfigServer Community Forum

Seeing that these requests often come from exploit scanners, is there a way to instantly delete the uploaded file & add the offending Remote IP address to the blocklist? Instead of wasting precious server resources, analyzing a file that has no business on the server and won't be processed furth...

Bumping this question, as I have the same situation. Is there any way to have LFD ignore specific Email addresses triggering an IP block? I tried expanding the Logignore file, but apparently this doesn't have any effect? ... ^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dovecot: imap-login: Aborted login (auth fa...

Same issue here, cPanel is able to restart the service, but I'm curious why it gets killed in the first place.

Looks like I have too many IP blocks (iptables busy waiting), and the csf.error mentions I should use IPSET. Guess that will be the solution.

I vote +1 on the PT_USERMEM_RSS feature request as people tend to just put (php) processes on the ignore list to "get rid of the emails". Reports that PHP scripts are infact using too much *resident* memory are much more helpful than reporting 'high' Virtual Memory. I would change my lfd s...

No word on automatically having only *ports* blocked for IP addresses? I tried via commandline: But that doesn't seem to have proper effect. I do not want to go the TEMP DENY route, as those blocks are lifted on csf restart:

Bumping this as I, too, would like to know.

And additionally, is there a way to set CSF to automatically block on a port basis, rather than IP basis? Just because someone is hammering our SMTP port doesn't mean they should be denied access to our web server...

I second this request, rather than opening a new feature request, I'm bumping this here. Seeing the Messenger Service is (and should remain) quite a basic application with low footprint, perhaps a workaround would be (for the HTML Messenger) to include javascript code that'll load an <IP_ADDRESS>.js...

This question is somewhat related to one from dec 2014 . I too am looking for a way to further check the X-Forwarded-For header's IP address, in my case especially when the Remote_Addr's IP address is whitelisted already. Is there any way to inspect the X-Forwarded-For header (or alternatives, like ...

That's happening because cPanel moved to using their own perl build in v11.36 and the cPanel log processing drops privileges to each user as it processes them. Ok, so the account mentioned in the lfd High Resource Usage reports is only that momentarily active privilege-dropped user, as opposed to t...

Seeing as there has been no reply and in the off chance that this is related, me and more cPanel/LFD users have started getting excessive resource usage notifications, specifically related to the cpanellogd process. Here's an excerpt, reporting an outrageous runtime: Time: Thu Mar 21 13:15:10 2013 +...