I'm not sure if anyone else is seeing the same trend, but I am noticing a massive increase in wp-login attempts lately. This is something I see in the logs of most domains across most, if not all, of my hosting servers. The originating countries are all over the world: USA, UK, Germany, Vietnam, Indonesia to Brazil.
Some domains have login attempts from a staggering 5000~6000 unique IP...
Currently the following IPs are configured in CSF for cPanel support:
22.214.171.124 # cPanel Auth Server
126.96.36.199 # cPanel Auth Server
188.8.131.52 # cPanel Auth Server
184.108.40.206 # cPanel Auth Server
220.127.116.11 # cPanel Auth Server
18.104.22.168 # cPanel Auth Server
Upon opening a new ticket last week, we were advised that their support address block has changed to:
Hi. I'm wondering if there's a way to not receive warnings for, say, ssh-agent for a specific user. I know that I can ignore all processes by a user, and all warnings for a specific executable, but is there a way to combine the two and ignore a specific process by a specific user?
I have a domain that crawls a lot of other domains. For sites that have a lot of URLs to crawl I get a permanent block due to CT_LIMIT being reached. I know I can add the IP addresses for them in csf.allow, but this doesn't work as my site is a SaaS and needs to allow lots of different IP addresses. Is there a way for me to have this one domain not monitored for CT_LIMIT?
I am currently evaluating CSF / LFD, I have a colleague that put me on CSF, and he claims that:
CSF/LFD could warn/block on *successful* logins from multiple IPs.
I just want to double check with the community if that is true. I don't know if it is in my head, but it just seems a little hard to be true. Or back-to-front thinking, for surely tools like LFD / fail2ban etc monitor...
After updating Monitored Services in WHM / Service Manager I got an error when Saving / Restarting.
Waiting for “mailscanner” to start ……waiting for “mailscanner” to initialize ………failed.
Cpanel::Exception::Services::StartError Service Status
(XID eckgdv) The “mailscanner” service failed to start....
We're trying to route all traffic on our server through Sucuri's networks, and for the most part that's worked with the following entries in /etc/csf/csf.allow (IPs listed below are not private, they are owned by Sucuri and publicly accessible):
tcp|in|d=80|s=22.214.171.124/23 # Sucuri Range
tcp|in|d=80|s=126.96.36.199/24 # Sucuri Range
tcp|in|d=80|s=188.8.131.52/22 # Sucuri Range...
I have the latest csf/lfd running on CloudLinux 6 with cPanel. The problem I started experiencing is that without any reason csf blocks all IPv4 access to the server. This repeated 2 times already. When it happens I can see the following in the lfd logs:
May 23 23:53:36 wp03 lfd : Global DynDNS - update IP addresses
May 23 23:53:36 wp03 lfd : Global DynDNS: Lookup for failed
May 24 00:00:03...
I have set up the following which someone may find useful:
2 x CSF Master in HA with 1 virtual IP - the master config has ALL slave server IP addresses and cluster key
100 CSF slave servers with ONLY the master IP in the cluster settings + cluster key
A Master script which runs as a daemon and monitors the LFD log to rebroadcast only APPROVED commands to all slaves.