Search found 197 matches
- 04 Nov 2022, 12:24
- Forum: Suggestions (csf)
- Topic: Add journald support
- Replies: 1
- Views: 3873
Add journald support
Most new operating systems are switching to journald instead of syslog for logging as it provides a much needed unified interface for logging. It would be good if CSF could support this similar to fail2ban. fail2ban: https://unix.stackexchange.com/questions/268357/how-to-configure-fail2ban-with-syst...
- 12 Oct 2022, 10:40
- Forum: Suggestions (csf)
- Topic: Ability to disable SSLv3 / TLS1.0 for Messenger
- Replies: 2
- Views: 3610
Re: Ability to disable SSLv3 / TLS1.0 for Messenger
Why not just enable MESSENGERV3 in CSF then LFD won't have to spawn up its own service and will just use your Apache service (which will pass any PCI compliance scans if configured correctly).
- 12 Oct 2022, 10:31
- Forum: Report Bugs (csf)
- Topic: CSF blocking own short IPv6 address on Centos 8
- Replies: 4
- Views: 7340
Re: CSF blocking own short IPv6 address on Centos 8
Unfortunately this is seems to be still happening on some servers with a normal IPv4 addresses (This server is ubuntu 20.04). 78.46.65.XXX is the servers own primary IP address. They are running csf: v14.17 (generic) From the lfd log: Oct 10 22:45:26 srv lfd[66827]: (CT) IP 78.46.65.XXX (DE/Germany/...
- 04 Feb 2022, 10:26
- Forum: General Discussion (csf)
- Topic: Disabling IMAP LFD for a single user
- Replies: 1
- Views: 697
Re: Disabling IMAP LFD for a single user
Your best bet is to enable the messenger service. Then you can have links in the messenger templates explaining why they are banned and what they can do to correct it.
- 04 Feb 2022, 10:24
- Forum: General Discussion (csf)
- Topic: ModSecurity: Access denied with code 200, [Rule: 'REQUEST_COOKIES|!REQUEST_COOKIES
- Replies: 2
- Views: 1002
Re: ModSecurity: Access denied with code 200, [Rule: 'REQUEST_COOKIES|!REQUEST_COOKIES
That site is storing cookie information that your modsecurity rules think are a "Remote Command Execution: Unix Command Injection". You need to disable that rule for the site or figure out what is dropping that cookie and remove it (if its an addon).
- 04 Feb 2022, 10:19
- Forum: Suggestions (csf)
- Topic: Please add backup for csf.deny file
- Replies: 2
- Views: 4862
Re: Please add backup for csf.deny file
There is no need for this. Remember that the csf .deny file supports include statements like Include /etc/csf/csf.custom.deny where you can store all your own custom entries.
- 27 Jan 2022, 11:30
- Forum: General Discussion (csf)
- Topic: Auto blocking of IPS and reporting to AbuseIPDB
- Replies: 1
- Views: 976
Re: Auto blocking of IPS and reporting to AbuseIPDB
Look at the DENY_IP_LIMIT and CT_PERMANENT options in /etc/csf/csf.conf. By default CT_PERMANENT is set to 0 meaning that connection tracking blocks are only temporary. Also If you set CT_PERMANENT to 1 then they will be permanent and will still rotate out depending on your DENY_IP_LIMIT.
- 24 Jan 2022, 13:45
- Forum: General Discussion (csf)
- Topic: Login failure daemon crashes under heavy attack
- Replies: 2
- Views: 1495
Re: Login failure daemon crashes under heavy attack
This is what the processes look like at the time: root@server:~# ps aux | grep lfd root 2829470 21.3 0.1 46976 36912 ? Ss 15:42 0:06 lfd - sleeping root 2829834 0.0 0.0 8112 596 pts/2 S+ 15:42 0:00 tail -f /var/log/lfd.log root 2834890 2.5 0.1 48876 36864 ? S 15:42 0:00 lfd - (child) blocking 162.15...
- 24 Jan 2022, 13:31
- Forum: General Discussion (csf)
- Topic: Login failure daemon crashes under heavy attack
- Replies: 2
- Views: 1495
Login failure daemon crashes under heavy attack
Under heavy attacks the login failure daemon will constantly restart with the error: *Error* Excessive number of children (344), restarting lfd... Unfortunately some times LFD doesn't come back after restarting and errors with: *Error* pid mismatch or missing, at line 1161 Here is a sample from the ...
- 21 Jan 2022, 11:35
- Forum: General Discussion (csf)
- Topic: Turn off Excessive resource usage email notification
- Replies: 5
- Views: 2710
Re: Turn off Excessive resource usage email notification
Look at the PT_USERKILL and PT_USERKILL_ALERT options in /etc/csf/csf.conf