Search found 8 matches
- 19 Oct 2012, 13:09
- Forum: Suggestions (csf)
- Topic: CSF not blocking proftpd brute force on Parallels H-Sphere
- Replies: 1
- Views: 3439
CSF not blocking proftpd brute force on Parallels H-Sphere
Good day: Parallels H-Sphere logs to /var/log/proftpd/current for proftpd The format for no such users is as below: @4000000050813b0f0dc55a3c OUR_SERVER_IP (119.131.139.79[119.131.139.79]) - USER .DOMAIN_NAME: no such user found from 119.131.139.79 [119.131.139.79] to OUR_SERVER_IP:21 @4000000050813...
- 07 Aug 2012, 16:39
- Forum: Suggestions (csf)
- Topic: c s f -d does not check the csf.ignore
- Replies: 4
- Views: 6375
Re: c s f -d does not check the csf.ignore
Good day: My understanding of csf.ignore is that only LFD interacts with it; and it is more or less a form of a white list. It does not open any ports that are not otherwise unopen for those IP's... it just doesn't ban them if LFD detects something that would be banable. This means direct commands l...
- 24 Jul 2012, 03:13
- Forum: General Discussion (csf)
- Topic: DENY_IP_LIMIT
- Replies: 4
- Views: 6891
Re: DENY_IP_LIMIT
Good day: One area of caution is that the more ip's in deny, the more RAM you are going to be using on the box. I used CSF to block a small DDoS attack that was using close to 8,000 IP addresses in the attack... thankfully the server had the RAM, but CSF used between 12 and 14 GB of RAM with that ma...
- 05 Jul 2012, 15:46
- Forum: Suggestions (csf)
- Topic: Save quick allow and quick deny IP
- Replies: 1
- Views: 2821
Re: Save quick allow and quick deny IP
Good day:
I could be wrong, but aren't the allows in /etc/csf/csf.allow and the deny's in /etc/csf/csf.deny ?
And when the server crash / reboot, those files are re-read?
Thank you.
I could be wrong, but aren't the allows in /etc/csf/csf.allow and the deny's in /etc/csf/csf.deny ?
And when the server crash / reboot, those files are re-read?
Thank you.
- 05 Jul 2012, 15:03
- Forum: General Discussion (csf)
- Topic: FTP Access being blocked
- Replies: 2
- Views: 3804
Re: FTP Access being blocked
Good day:
If FTP works fine when you have your IP in /etc/csf/csf.allow then check /etc/csf/csf.conf that you allow incoming TCP 20 and 21 for both IPv4 and IPv6.
If you make any changes to csf.conf remember to do the following:
Thank you.
If FTP works fine when you have your IP in /etc/csf/csf.allow then check /etc/csf/csf.conf that you allow incoming TCP 20 and 21 for both IPv4 and IPv6.
If you make any changes to csf.conf remember to do the following:
Code: Select all
csf -r
service lfd restart
- 01 Jul 2012, 16:04
- Forum: Suggestions (csf)
- Topic: Please add a NOLOG option
- Replies: 2
- Views: 3810
Re: Please add a NOLOG option
Good day: Thank you for pointing this out. I appreciate your time and what you've done with CSF. I believe this would be the setting to exclude all email ports from port scan tracking: PS_PORTS = "0:24,26:109,111:142,144:464,466:586,588:992,994,996:65535,ICMP" It leaves out ports 25, 110, ...
- 01 Jun 2012, 14:07
- Forum: Suggestions (csf)
- Topic: Please add a NOLOG option
- Replies: 2
- Views: 3810
Please add a NOLOG option
Good day: csf.conf has DROP_NOLOG which modifies the firewall and does not log. Please consider adding a NOLOG option where I can list ports whose existing firewall options are not logged. For example: NOLOG="25" Let state I have a web server where I want to allow outgoing TCP 25, but no i...
- 31 May 2012, 18:35
- Forum: Suggestions (csf)
- Topic: Suggestion for ARF Reporting
- Replies: 4
- Views: 5137
Suggestion for ARF Reporting
Good day:
Please consider adding the ability for CSF to automatically send the ARF report to the abuse email address of the authorized party who has control over the IP address involved in the abuse.
Thank you!
Please consider adding the ability for CSF to automatically send the ARF report to the abuse email address of the authorized party who has control over the IP address involved in the abuse.
Thank you!