Search found 10 matches
- 10 Sep 2020, 14:53
- Forum: General Discussion (cxs)
- Topic: Scanning on a non-existent file
- Replies: 6
- Views: 4091
Re: Scanning on a non-existent file
Seeing that these requests often come from exploit scanners, is there a way to instantly delete the uploaded file & add the offending Remote IP address to the blocklist? Instead of wasting precious server resources, analyzing a file that has no business on the server and won't be processed furth...
- 16 Dec 2019, 09:57
- Forum: General Discussion (csf)
- Topic: How to ignore specific email address check
- Replies: 3
- Views: 2013
Re: How to ignore specific email address check
Bumping this question, as I have the same situation. Is there any way to have LFD ignore specific Email addresses triggering an IP block? I tried expanding the Logignore file, but apparently this doesn't have any effect? ... ^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dovecot: imap-login: Aborted login (auth fa...
- 05 Apr 2018, 08:37
- Forum: General Discussion (csf)
- Topic: lfd.service: main process exited
- Replies: 5
- Views: 5662
Re: lfd.service: main process exited
Same issue here, cPanel is able to restart the service, but I'm curious why it gets killed in the first place.
Looks like I have too many IP blocks (iptables busy waiting), and the csf.error mentions I should use IPSET. Guess that will be the solution.
Looks like I have too many IP blocks (iptables busy waiting), and the csf.error mentions I should use IPSET. Guess that will be the solution.
- 06 Dec 2016, 11:22
- Forum: Suggestions (csf)
- Topic: LFD should use resident memory instead of virtual memory
- Replies: 4
- Views: 3733
Re: LFD should use resident memory instead of virtual memory
I vote +1 on the PT_USERMEM_RSS feature request as people tend to just put (php) processes on the ignore list to "get rid of the emails". Reports that PHP scripts are infact using too much *resident* memory are much more helpful than reporting 'high' Virtual Memory. I would change my lfd s...
- 16 Jun 2016, 08:38
- Forum: General Discussion (csf)
- Topic: Advanced port+ip filtering
- Replies: 3
- Views: 3352
Re: Advanced port+ip filtering
No word on automatically having only *ports* blocked for IP addresses? I tried via commandline: But that doesn't seem to have proper effect. I do not want to go the TEMP DENY route, as those blocks are lifted on csf restart:
Code: Select all
csf -d d=22|s=X.X.X.X
Code: Select all
csf -td X.X.X.X 9999d -p 22 [comment]
- 18 May 2016, 14:59
- Forum: General Discussion (csf)
- Topic: Advanced port+ip filtering
- Replies: 3
- Views: 3352
Re: Advanced port+ip filtering
Bumping this as I, too, would like to know.
And additionally, is there a way to set CSF to automatically block on a port basis, rather than IP basis? Just because someone is hammering our SMTP port doesn't mean they should be denied access to our web server...
And additionally, is there a way to set CSF to automatically block on a port basis, rather than IP basis? Just because someone is hammering our SMTP port doesn't mean they should be denied access to our web server...

- 19 Feb 2016, 08:42
- Forum: Suggestions (csf)
- Topic: CSF Messenger request feature
- Replies: 1
- Views: 2462
Re: CSF Messenger request feature
I second this request, rather than opening a new feature request, I'm bumping this here. Seeing the Messenger Service is (and should remain) quite a basic application with low footprint, perhaps a workaround would be (for the HTML Messenger) to include javascript code that'll load an <IP_ADDRESS>.js...
- 04 Aug 2015, 10:27
- Forum: General Discussion (csf)
- Topic: x-forwarded-for headers for load balancers with dynamic ips
- Replies: 2
- Views: 2428
Re: x-forwarded-for headers for load balancers with dynamic ips
This question is somewhat related to one from dec 2014 . I too am looking for a way to further check the X-Forwarded-For header's IP address, in my case especially when the Remote_Addr's IP address is whitelisted already. Is there any way to inspect the X-Forwarded-For header (or alternatives, like ...
- 25 Mar 2013, 12:20
- Forum: General Discussion (csf)
- Topic: Excessive resource usage notifications
- Replies: 3
- Views: 8728
Re: Excessive resource usage notifications
That's happening because cPanel moved to using their own perl build in v11.36 and the cPanel log processing drops privileges to each user as it processes them. Ok, so the account mentioned in the lfd High Resource Usage reports is only that momentarily active privilege-dropped user, as opposed to t...
- 22 Mar 2013, 08:44
- Forum: General Discussion (csf)
- Topic: Excessive resource usage notifications
- Replies: 3
- Views: 8728
Re: Excessive resource usage notifications
Seeing as there has been no reply and in the off chance that this is related, me and more cPanel/LFD users have started getting excessive resource usage notifications, specifically related to the cpanellogd process. Here's an excerpt, reporting an outrageous runtime: Time: Thu Mar 21 13:15:10 2013 +...