ConfigServer Community Forum

Hi,

I think CSF doesn't attention to allow list of IPs when we temporary deny an IP address
But it fails deny when we want to deny normally

Thanks

Hi, i already set email notification to off but seem like i still received notification like almost 1k per day.

May i know how to completely disable all the notification please?

Greetings. I have a Virtualbox with debian 12 freshly installed. I installed CSF but cannot access the UI.

Im following the tutorial at:

The output log of installing is as follows:

sudo sh install.sh

Selecting installer...

Running csf generic installer

Installing generic csf and lfd

Check we're running as root

mkdir: foi criado o diretório '/etc/csf'
'install.txt' ->...

Hi,

Dmesg is flooded by logs like:
OS=0x08 PREC=0x20 TTL=239 ID=54321 PROTO=TCP SPT=49541 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=96:00:03:eb:25:ed:d2:74:7f:6e:37:e3:08:00 SRC=92.255.85.147 DST=138.199.144.66 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=64262 PROTO=TCP SPT=54582 DPT=3364 WINDOW=1024 RES=0x00 SYN URGP=0
Firewall: *TCP_IN Blocked* IN=eth0...

Hi there,

We allow remote MySQL access for specific IP adress, by adding a rule to the csf.allow file as following;

d=3306|s= #

This has been working fine for a couple of years now.

However, since a few days we got multiple complaints that MySQL access is blocked. When checking the logs I see these entries; indicating that the port is blocked. I have seen multiple cases of this, on...

After the most recent DA update (version 1.672). The Admin interface to MSFE gives this error and no other indication.

CSF was fixed by touch /var/lib/csf/csf.da.skip

Is there a fix coming for MSFE'?

We checked the issue with CS Mail Queue Plugin closer with one of our developers and were able to apply the workaround in the same way as it is applied for CSF PlugIn. Added this 2 lines:

unless (-e /var/lib/csf/csf.da.skip ) {
...
}

root@server:~# grep -R -A22 csf.da.skip /usr/local/directadmin/plugins/cmq/exec/da_cmq.cgi
unless (-e /var/lib/csf/csf.da.skip ) {
if ($ENV{SESSION_ID} =~...

I have CSF configured to block SMTP Auth attacks, syntax errors, and POP3/IMAP access attempts. However, none of those appear to be being blocked at present and only SSH attacks appear to be blocked. I've double checked my configuration and it appears to be correct, but it's like CSF is ignoring it. I installed the software with CPanel but that shouldn't be the reason for that I wouldn't think....

Hello to all,
For the last few weeks, when I try to install a WordPress from a cPanel account, I receive this error:
WordPress was installed with errors:
Downloading and unpacking
Impossible to download pack 6.7.1 from

If I stop or restart CSF, it work for a few minutes, but then block again.

In TCP_IN and TCP_OUT, ports 80 and 443 are listed.

What can possibly do this?

Thank you.

Hello ,

This is my first time here , i had joined today to discuss about many email alerts i am receiving since a week or so .

There is 3 types of emails :

1- It is titled by : lfd on *server name* : Suspicious File Alert‏
and contains :

File: /tmp/systemd-private-be537481d81d48b4b230533e9c529e32-ea-php81-php-fpm.service-teQo08/tmp/python3.61
Reason: Linux Binary
Owner: *website-username*...

hi,
i've a cpanel server with regex.custom.pm, but getting ignored and no block

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^(\S+).* HTTP\/.* 403/)) {
return ( 403 bruteforce ,$1, block , 2 , 80,443 , 604800 );
}

CUSTOM1_LOG is
CUSTOM1_LOG = /var/log/apache2/domlogs/*/*
Access log with 403

1.1.1.1 - - HEAD /?play=ulti700?page=1&mqwsaWOeAy&cLLFTOZk59 HTTP/2 403 0 - Mozilla/4.0...

Sarah,
I have this scenario, one customer has a scanner that sends an email from one defined account but the file format that the scanner uses is RAR.
On my server I block RAR files to any one, but on this particular case FAX can't send in another format and I need to allow this email address to deliver such files.

How may I can add the FAX email address to allow to send RAR attachments but not...

csf install on Webmin OS

| SYSTEM INFORMATION||
|------------------------------|-------------------------------|
|OS type and version|AlmaLinux 9.5|
|---|---|
|Webmin version|2.202|

I will likely post this also at the Webmin forums, but just in case it's relevant here, I saw a number of errors and if CSF supply the Webmin install template, a small layout issue after following the...

Hi, I some time receive High load average alerts from lfd. When I open the attachments ps.txt or other ones, looks like it is not a proper text file and everything looks gibberish. I checked the file type and it's detected as file type data application/octet-stream. I also reinstalled csf but that didn't fix my issue. here is what vmstat file looks like in gmail and in text editor....

In searching here I was unable to see whether CSF is compatible with nftables. I only found info on iptables-nft.

My application is cPanel servers running Almalinux, on which firewalld is installed and running on nftables. My question is simply will CSF drop in to that system and run fine? (I would assume yes, that nftables is fully supported, and that no tweaks are needed. But I didn't find the...

Hi,
LF_APACHE_404 not working on cPanel with litespeed.
HTACCESS_LOG is setup with /var/log/apache2/error_log but not working
I've inserted custom regex but no work.

Can you help me to build custom 404 regex on cPanel litespeed?

I have an issue because every day I receive from lfd information about overload my server and logs shows me many connections from Microsoft adress IP. Manual block IP isn’t good because every day is another IP. In Csf I have set two parameters: CONNLIMIT 80;50,443;50 i PORTFLOOD 80;tcp;100;60,443;tcp;100;6 but it doesn’t work. Could you give me any suggest how to resolve this an issue?

I apologize if this is in the wrong area.

On ModSecurity I switched the ruleset from Comodo to OWASP, and now LFD isn't sending the Mod Security notifications to email.

LFD is sending out emails for other notifications.
Have restarted CSF & LFD, and ran csf -ra

Any suggestions are welcome on what to look at.

Thanks

Hi there,

would be very nice if LFD could ignore the files updated by (unattended) APT updates. It would make sense if LDF could ignore these files. When doing manual APT updates it's still ok if you get an LFD email about the system integrity but especially with the unattended updates it's sometimes quite scary getting a LFD email about your system integrity.

Any help to achieve this is...

I'm getting a version check that's telling me the versions of the RSForms mod_rsform and mod_rsform_list are old. It seems to be looking for version at least 3.3.3, but the current version of the module is 3.1.0, according to the RS Joomla site:

RSForm! Pro Module 3.1.0
With this module you can publish your form into a module (template position).

Same thing for the mod_rsforms_list module:...