Search found 10 matches

by bouvrie
10 Sep 2020, 14:53
Forum: General Discussion (cxs)
Topic: Scanning on a non-existent file
Replies: 6
Views: 4909

Re: Scanning on a non-existent file

Seeing that these requests often come from exploit scanners, is there a way to instantly delete the uploaded file & add the offending Remote IP address to the blocklist? Instead of wasting precious server resources, analyzing a file that has no business on the server and won't be processed furth...
by bouvrie
16 Dec 2019, 09:57
Forum: General Discussion (csf)
Topic: How to ignore specific email address check
Replies: 3
Views: 2203

Re: How to ignore specific email address check

Bumping this question, as I have the same situation. Is there any way to have LFD ignore specific Email addresses triggering an IP block? I tried expanding the Logignore file, but apparently this doesn't have any effect? ... ^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ dovecot: imap-login: Aborted login (auth fa...
by bouvrie
05 Apr 2018, 08:37
Forum: General Discussion (csf)
Topic: lfd.service: main process exited
Replies: 5
Views: 5967

Re: lfd.service: main process exited

Same issue here, cPanel is able to restart the service, but I'm curious why it gets killed in the first place.

Looks like I have too many IP blocks (iptables busy waiting), and the csf.error mentions I should use IPSET. Guess that will be the solution.
by bouvrie
06 Dec 2016, 11:22
Forum: Suggestions (csf)
Topic: LFD should use resident memory instead of virtual memory
Replies: 4
Views: 3989

Re: LFD should use resident memory instead of virtual memory

I vote +1 on the PT_USERMEM_RSS feature request as people tend to just put (php) processes on the ignore list to "get rid of the emails". Reports that PHP scripts are in fact using too much *resident* memory are much more helpful than reporting 'high' Virtual Memory. I would change my lfd s...
by bouvrie
16 Jun 2016, 08:38
Forum: General Discussion (csf)
Topic: Advanced port+ip filtering
Replies: 3
Views: 3536

Re: Advanced port+ip filtering

No word on automatically having only *ports* blocked for IP addresses? I tried via commandline:

csf -d d=22|s=X.X.X.X
But that doesn't seem to have proper effect. I do not want to go the TEMP DENY route, as those blocks are lifted on csf restart:

csf -td X.X.X.X 9999d -p 22 [comment]
by bouvrie
18 May 2016, 14:59
Forum: General Discussion (csf)
Topic: Advanced port+ip filtering
Replies: 3
Views: 3536

Re: Advanced port+ip filtering

Bumping this as I, too, would like to know.

And additionally, is there a way to set CSF to automatically block on a port basis, rather than IP basis? Just because someone is hammering our SMTP port doesn't mean they should be denied access to our web server... :confused:
by bouvrie
19 Feb 2016, 08:42
Forum: Suggestions (csf)
Topic: CSF Messenger request feature
Replies: 1
Views: 2601

Re: CSF Messenger request feature

I second this request, rather than opening a new feature request, I'm bumping this here. Seeing the Messenger Service is (and should remain) quite a basic application with low footprint, perhaps a workaround would be (for the HTML Messenger) to include javascript code that'll load an <IP_ADDRESS>.js...
by bouvrie
04 Aug 2015, 10:27
Forum: General Discussion (csf)
Topic: x-forwarded-for headers for load balancers with dynamic ips
Replies: 2
Views: 2576

Re: x-forwarded-for headers for load balancers with dynamic ips

This question is somewhat related to one from Dec 2014. I too am looking for a way to further check the X-Forwarded-For header's IP address, in my case especially when the Remote_Addr's IP address is whitelisted already. Is there any way to inspect the X-Forwarded-For header (or alternatives, like ...
by bouvrie
25 Mar 2013, 12:20
Forum: General Discussion (csf)
Topic: Excessive resource usage notifications
Replies: 3
Views: 8964

Re: Excessive resource usage notifications

That's happening because cPanel moved to using their own perl build in v11.36 and the cPanel log processing drops privileges to each user as it processes them. Ok, so the account mentioned in the lfd High Resource Usage reports is only that momentarily active privilege-dropped user, as opposed to t...
by bouvrie
22 Mar 2013, 08:44
Forum: General Discussion (csf)
Topic: Excessive resource usage notifications
Replies: 3
Views: 8964

Re: Excessive resource usage notifications

Seeing as there has been no reply and in the off chance that this is related, me and more cPanel/LFD users have started getting excessive resource usage notifications, specifically related to the cpanellogd process. Here's an excerpt, reporting an outrageous runtime: Time: Thu Mar 21 13:15:10 2013 +...