Hi, in this day my server is under spam attack, for this reason i have activated a Gateway guard solution to my MX Records.
Some spam maybe are able to bypass MX record so continue to arrive on my inbox.
I need ask to the CSF Firewall to deny all IP except some IP who will be this MX Guard IP.
How i can do this?
I have a domain that crawls a lot of other domains. For sites that have a lot of urls to crawl I get a permanent block do to CT_LIMIT being reached. I know i can add the IP addresses for them in csf.allow, but this doesn't work as my site is a SaaS and needs to allow lots of different IP addresses. Is there a way for me to have this one domain not monitored for CT_LIMIT?
I am currently evaluating CSF / LFD, I have a colleague that put me on CSF, and he claims that:
CSF/LFD it could warn/block on *successful* logins from multiple IPs.
I just want to double check with community if that is true. I don't know if it is in my heads, but it just seems a little hard to be true. Or back to front thinking , for surely tools like LFD / fail2ban etc monitor...
After updating Monitored Services in WHM / Service Manager I got an error when Saving / Restarting.
Waiting for “mailscanner” to start ……waiting for “mailscanner” to initialize ………failed.
Cpanel::Exception::Services::StartError Service Status
(XID eckgdv) The “mailscanner” service failed to start....
We're trying to route all traffic on our server through Sucuri's networks, and for the most part that's worked with the following entries in /etc/csf/csf.allow (IPs listed below are not private, they are owned by Sucuri and publically accessible):
tcp|in|d=80|s=18.104.22.168/23 # Sucuri Range
tcp|in|d=80|s=22.214.171.124/24 # Sucuri Range
tcp|in|d=80|s=126.96.36.199/22 # Sucuri Range...
I have set up the following which someone may find useful:
2 x CSF Master in HA with 1 virtual IP - the master config has ALL slave server IP addresses and cluster key
100 CSF slave servers with ONLY the master ip in the clsuter settings + cluster key
A Master script which runs as a daemon and monitors the LFD log to rebroadcast only APPROVED commands to all slaves.