ConfigServer Community Forum

Hi all,

On a new server with CSF installed and 21 port opened I can’t connect to the server. It tries but is not listing the directory files. Once I turn off the CSF it works fine.

Under messages this is the relevant (I guess ?) part (I swapped IPs etc):

Aug 25 10:48:25 client516 kernel: Firewall: TCP_IN Blocked IN=ens3 OUT= MAC=MACaddress SRC=MyLocalIP DST=MyServerIP LEN=64 TOS=0x00 PREC=0x00...

Hello,
i have install a new server with centos 8 and csf and i have see very bad network performance.
When i disable csf, the performance is good.

In order to confirm the issue i have do this tests:

both servers is empty without any other vps. Also the storage i use have no load at all during tests.

server 1:
Xeon® E-2176G
64G ram
NVME hard disks
Proxmox 6.2-10

server 2:
Ryzen 9 3900
128G...

I have had a series of people visit my server to set up bogus accounts. I have blocked their ip addresses in csf, yet they are able to come back in with those same addresses and continue their malicious ways. I have confirmed the address is in the deny file. Server is Centos 7.6 running cpanel with csf and lfd installed. Any suggestions?

Hello, I'm using Cpanel/CSF with SMTP_BLOCK active.

I have two hosting accounts that must connect to google.com and elasticemail.com to send email.

The first account mysite1 is connecting to google correctly and sending messages, but the second account, the CSF is blocking from connecting to elasticemail.com

My CSF settings are

The SMTP Restrictions from Cpanel is disable.

SMTP_BLOCK = 1...

I have this setup to check every hour...is it possible to have it email when there is a detection that the ip is flagged?

right now i get the email with the OK but its just too much for every hour...

thanks

This has been going on since the 14.04 update. However, i thought it would be patched by now.
It loops the error until you disable the CDF and Lfd.
Any ideas would be appericated
CentOS 7.8

Startup Log Aug 13 11:56:43 ###OMITTED### systemd : Starting ConfigServer Firewall & Security - lfd...
Aug 13 11:56:44 ###OMITTED### lfd : syntax error at /usr/sbin/lfd line 7519, at EOF
Aug 13 11:56:44...

Hi all,
I just wondered can I configure things so I can run with smtp_block enabled but allow a specific I.p to bypass the block.

The system is Ubuntu 18.04 with Exim4

I have a bill manager running on another server ( Centos) with no smtp server, It's configured to use an account on the Ubuntu server to send emails. The account it uses is on the Ubuntu server and I've tried allowing the user...

Ubuntu 20.04.1 LTS

I'm not a new user for CSF and recently i installed this software in new Ubuntu 20.04.1 LTS device.
The installation process and testing worked fine. No issues appeared. After that changed mode from 1 to 0 in conf then got a one problem.

Fail to update ubuntu system. `sudo apt update` it shows unable to connect (using ubuntu regional) however web browsing etc worked fine....

Hi all,

I have some ASN that are thoroughly obnoxious and I want to block them.

I notice that CC_DENY can accept AS numbers in place of country ISO codes so I implemented what I thought would work and.....

It does not! LFD just triggered from one of those hosts.

Here is what I did:

# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
# rpm -qa | grep ipset...

Just installed on a new Ubuntu 20 desktop. It turns out that Ubuntu has the iptables binaries in /usr/sbin/ now instead of /sbin/ .

On installing csf with the install.sh script, it failed to pick this up and the iptables locations in the csf.conf file were left as /sbin/

When these were changed manually the perl test script still fails to locate iptables.
sudo perl...

Hello,

Has the idea of a rule cluster been explored?

I think it would great if we could use cPanel API tokens to have servers share their deny/allow rules or deny IP list with others servers in a cluster of servers since attacks often travel along IP ranges and what not.

Maybe a caching system that you can set the frequency of deny IP sharing.

And to stack on top of the idea of clustering,...

Hello,

im Using cPanel + Litessped + Modesecurity Rules ( Imunify360 LiteSpeed Rule Set )

ttps://files.imunify360.com/static/modsec/v2/meta_imunify360-full-litespeed.yaml

i enabled Modsec Trigger on CSF :

LF_MODSEC = 1
LF_MODSEC_PERM = 3600

Also i see Hits on :

Home »Security Center »ModSecurity™ Tools »Hits List :

2020-08-01 00:17:16 arakfelezisatis.com 95.188.147.134 WARNING 403...

Hello good afternoon, I open this topic because I am having blocks from my cPanel server to my AD through TCP port 389. In the CSF firewall I already added the IP of the AD server in a white list and also allowed TCP and UDP port 389 in the input and output, but even with those settings the connection blocks continue. I send the log that is generated:

Jul 31 11:40:01 cpanel kernel: Firewall:...

Hi

I am running csf on my centos 7.

I am looking to whitelist port range what is the possible way to do so as I am new with CSF.
I am running csf v14.04.

I have added one line to white list port in csf.allow but its not working for me which is as below

tcp|in|d=7770:7800|s=192.168.16.17/28

Thanks

Hi,
Please, I need help from a member.
Every day, recurrently, temporary IP entries block the IP of the Smartphone of my clients.
I am daily dialing Smartphone IP in the White List. It takes up a lot of time, and I have approximately 450 whitelisted IP. This can slow down the server I guess.
I don't know how I should configure so that this doesn't keep happening.
Your help will be highly...

It seems that unless you put the following in ui.allow:

127.0.0.1 # localhost

... lfd won't allow browsers on localhost to connect (connection is reset). As localhost is automatically whitelisted in other places with CSF/LFD, surely it should be auto-whitelisted for the UI?

Hello,

ENV: Centos 8, Csf 14.04, iptables enable.

I have tried to block a spammer, who installed a cron script to populate every ten and every eleven minutes in logfiles of my server with following:

FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffriends.png
FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffind.png

Instead of using modsecurity, I...

Hello,

In following message there is a bug:

*Error* IPSET:
CC: Repopulating ipset cc_6_ua with IP addresses from
IPSET: loading set new_6_ua with 0 entries
IPSET: switching set new_6_ua to cc_6_ua

Hi,

how can I stop firewall alert notifications on the system?

I am using a CSF firewall with Centos 7, due to security reasons I blocked SSH port access since I had KVM access.

now the issue is the KVM viewer becomes so messed up ... the alerts keep popping up even if I open nano or vi editors.

The ICMP settings are disabled via cPanel/WHM as well.

Image Reference

I think it will be a long time before counties are assigned IP blocks :) so you may want to change the spelling to 'Country's' on the config file for CSF:
An example would be to list port 21 here then counties listed in
CC_DENY_PORTS cannot access FTP