Yes, indeed. Search csf.conf for "D?DOS", especially:
SECTION:Port Flood Settings
SECTION:Connection Tracking
SECTION:Distributed Attacks
Search found 80 matches
- 12 Sep 2019, 21:43
- Forum: General Discussion (csf)
- Topic: Novice question about CSF
- Replies: 2
- Views: 2066
- 12 Sep 2019, 02:24
- Forum: General Discussion (csf)
- Topic: Can't stop script alert even after whitelisting folder
- Replies: 2
- Views: 2130
Re: Can't stop script alert even after whitelisting folder
In csf.fignore, does this work?
/tmp/zip-recipes/cache/ed/.*\.php
/tmp/zip-recipes/cache/ed/.*\.php
- 12 Sep 2019, 02:08
- Forum: General Discussion (csf)
- Topic: CSF (not LFD) blocking all incoming except SSH?
- Replies: 4
- Views: 2650
Re: CSF (not LFD) blocking all incoming except SSH?
For the config, using text editor to strip all lines beginning with # reduces length by 72%. Most important lines in this case are: TCP_IN = "25,36,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,26" TCP_OUT = "25,36,37,43,53,80,110,113,443,587,873,2086,2087,...
- 12 Sep 2019, 01:19
- Forum: General Discussion (csf)
- Topic: CSF cxs modsecurity trigger HELP please?
- Replies: 1
- Views: 2690
Re: CSF cxs modsecurity trigger HELP please?
Presuming you have LF_MODSEC enabled in CSF. Please confirm. The way CSF catches MODSEC violations depends on server and modsec versions as well as LF_CXS setting. See RegexMain.pm for details for specific syntax. Presuming you have LF_MODSEC enabled sufficiently, you can mop up violations that CSF ...
- 12 Sep 2019, 00:35
- Forum: General Discussion (csf)
- Topic: How do I restart CSF via crontab?
- Replies: 2
- Views: 2336
Re: How do I restart CSF via crontab?
Have you confirmed the command is working properly by executing it via terminal? Is the issue the command or scheduling it via cron?
- 12 Sep 2019, 00:29
- Forum: General Discussion (csf)
- Topic: CSF (not LFD) blocking all incoming except SSH?
- Replies: 4
- Views: 2650
Re: CSF (not LFD) blocking all incoming except SSH?
Maybe share your csf.conf for some clues. Shouldn't be anything confidential in it, but check to be sure. Also confirm your CSF version.
- 06 Sep 2019, 07:23
- Forum: General Discussion (csf)
- Topic: Port not open
- Replies: 3
- Views: 2485
Re: Port not open
Seems from afar like the service you are expecting at 5200 is not running (there.)
- 05 Sep 2019, 18:47
- Forum: General Discussion (csf)
- Topic: Port not open
- Replies: 3
- Views: 2485
Re: Port not open
Hi! This may be a silly question, but important for troubleshooting. If CSF is not running, is something found at 5200? Is something already confirmed to be running there? I could be wrong about this, but if it is found in iptables and not in lsof or netstat, doesn't that indicate that the firewall ...
- 04 Sep 2019, 20:00
- Forum: General Discussion (csf)
- Topic: csf blocks LDAP
- Replies: 1
- Views: 1793
Re: csf blocks LDAP
Have you seen any log entries for it? What are they?
Do you have it listed in /etc/csf/csf.pignore? If not, try listing it there.
HTH
Do you have it listed in /etc/csf/csf.pignore? If not, try listing it there.
HTH
- 04 Sep 2019, 19:38
- Forum: General Discussion (csf)
- Topic: prevent bruteforces on exim
- Replies: 1
- Views: 2211
Re: prevent bruteforces on exim
Hi Justino! I haven't used it, but it appears you need to enable the SMTPAUTH_RESTRICT option and add those IPs to /etc/csf/csf.smtpauth . Below is the relevant section of csf.conf . ############################################################################### # SECTION:SMTP Settings #############...