ConfigServer Community Forum

Yes, indeed. Search csf.conf for "D?DOS", especially:
SECTION:Port Flood Settings
SECTION:Connection Tracking
SECTION:Distributed Attacks

In csf.fignore, does this work?
/tmp/zip-recipes/cache/ed/.*\.php

For the config, using text editor to strip all lines beginning with # reduces length by 72%. Most important lines in this case are: TCP_IN = "25,36,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,26" TCP_OUT = "25,36,37,43,53,80,110,113,443,587,873,2086,2087,...

Presuming you have LF_MODSEC enabled in CSF. Please confirm. The way CSF catches MODSEC violations depends on server and modsec versions as well as LF_CXS setting. See RegexMain.pm for details for specific syntax. Presuming you have LF_MODSEC enabled sufficiently, you can mop up violations that CSF ...

Have you confirmed the command is working properly by executing it via terminal? Is the issue the command or scheduling it via cron?

Maybe share your csf.conf for some clues. Shouldn't be anything confidential in it, but check to be sure. Also confirm your CSF version.

Seems from afar like the service you are expecting at 5200 is not running (there.)

Hi! This may be a silly question, but important for troubleshooting. If CSF is not running, is something found at 5200? Is something already confirmed to be running there? I could be wrong about this, but if it is found in iptables and not in lsof or netstat, doesn't that indicate that the firewall ...

Have you seen any log entries for it? What are they?
Do you have it listed in /etc/csf/csf.pignore? If not, try listing it there.

HTH

Hi Justino! I haven't used it, but it appears you need to enable the SMTPAUTH_RESTRICT option and add those IPs to /etc/csf/csf.smtpauth . Below is the relevant section of csf.conf . ############################################################################### # SECTION:SMTP Settings #############...