CentOS 6
No changes to CSF for some time.
Recently began getting an error when the daily cron job runs:
/usr/sbin/csf -u

Oops: Unable to download: write failed: Connection timed out

I've tried searching for solutions, but nothing pops out a me. Again, I'd not made any changes prior to this failing. It started failing sometime in the last week or so.

I have a lot of countries blocked, and have...

Hello,

Can anyone suggest me how to block .xz file extensions? I already edited filename.rules.conf with this new line

deny \.xz$ - -

but still not working. Can anyone please help? Thanks!

Hi,

I am having a weird problem with the lfd daemon in Directadmin. I installed csf+lfd as a plugin, and it seems to be running just fine. If I look at the service monitor, however, lfd shows up as using 0 bytes memory (despite having a PID). When I click on reload, I get the following error message:

An error has occurred

Details

/usr/bin/systemctl reload lfd.service 2>&1

Show lfd status......

Hello,

Since update 12.10 we have white pages when clicking on CSF in WHM sometimes. cpanel error log comes back with the following error ;
warn The subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/configserver/csf.cgi) exited with an error: The subprocess ended prematurely because it received the PIPE (13) signal. at /usr/local/cpanel/Cpanel/Server/Handlers/SubProcess.pm line 251....

It seems that Spamassassin has started writing files to a /tmp directory and I regularly get messages from lfd saying there's a suspicious file alert because of files like /tmp/.spamassassin6685u9JYgNtmp

Is it really that suspicious though? Presumably the directory has been created by Spamassassin. What's the best way to quell these alerts?

Hi,

When i check server security in CSF one of result is about

Apache Check : HTTP Binary not found or not executable

i can't understand how can solved this issue. i contact with my host provider and don't any thing for me. who know about this problem?

Thank you.

I was wondering if it might be possible for me to code (using PHP ideally) a solution where users can input their IP into a form and have this added to the whitelist automatically?

Obviously the form would ONLY be available to authorised customers and on a separate IP.

Following are the server logs..

Mar 27 04:02:56 lfd : Failed SMTP AUTH login from 141.98.80.17 - ignored
Mar 27 04:03:01 lfd : Failed SMTP AUTH login from 141.98.80.17 - ignored
Mar 27 04:04:06 lfd : Failed IMAP login from 154.72.188.190 - ignored
Mar 27 04:04:52 lfd : Failed IMAP login from 185.53.152.189 - ignored
Mar 27 04:05:27 lfd : Failed IMAP login from 190.131.220.130 - ignored
Mar 27...

hello
i have activated the ipv6 support in csf configuration but still is blocking all trafic... when i go to csf deny ips my ipv6 is listed there and is not ticked.. so i can't understand why they are blocked... if i turn off csf ipv6 is working fine
is anyone having the same issue? i searched the forum but i couldn't find anyone else experiencing the same problem...

Hi, I am using CXS on a WHM server and the Daily and Weekly Scan Wizards lets me configure an email address to send the reports to.
Is there a way to send reports to multiple email addresses?

Hi all!, From my vps (Cpanel v78.0.18 on centos 6.9 and csf 12.09) I'm trying send smtp email on 465 port but using other server in other location (using phpmailer). By default, CSF blocks all outgoing connections (SMTP_BLOCK = ON). Due to I don't want disable SMTP_BLOCK I deleted the 465 port from SMTP_PORTS (ports monitoring) and save the changes and all worked fine.

The problems appear after...

Have you considered integrating DDoS Deflate from: ?

I recently had a situation with my linodes where I got locked out.

They support recommendation from them was to run iptables -F which cleared the problem.
I never found my IPs in csf.deny

My question is, are there 2 layers of firewall.
The rules contained within CSF and additionally on top of that other rules that could have been added by some other process?

Thanks for any insight.

Hello,

CSF does not load, I could not restart it.

There are numerous CSF lock files

=================================
xyzz# ls -lahtr /var/lib/csf/lock/
total 72K
drw------- 2 root root 4.0K May 1 2018 ./
-rw------- 1 root root 10 Mar 4 22:32 ST_ENABLE_report.lock
-rw------- 1 root root 7 Mar 4 23:13 command.lock
-rw------- 1 root root 10 Mar 12 23:23 LF_CSF.lock
-rw------- 1 root root 10...

I am continually getting emails warning of Suspicious Process running under user ....

Executable(s):
/opt/cpanel/ea-php72/root/usr/sbin/php-fpm (most common)
/opt/cpanel/ea-php72/root/usr/bin/php.cagefs

Command Line (s):
php-fpm: pool bitsmart_biz (most common)
php-fpm: pool nutraceuticals_net_au
/opt/cpanel/ea-php72/root/usr/bin/php -c /home/cafecoma/public_html/support/php.ini -q...

Hello, I have an idea and I'm wondering if it's practical. It would require CSF Firewall considering every access of a PHP page to be a login failure, even though there was no actual login.

My idea is simple. Almost all my sites are hand coded, so there does not exist (for example) a page named wp-login.php. I want to redirect all those requests for non-existent CMS or forum logins to a single...

hello
my csf and cxs has this error when i want to open from whm.
HTTP error 404
The requested page was not found.

We have a customer on our cpanel server with a poorly built app. we need to exclude their specific website from scanning.

We are running csf on a cpanel server, so is there a way to exclude their directly from scans?

Hi all,

We have recently had the CXS scanners installed on one of our dedicated server and thus far are happy, albeit, somewhat confused.
I have been reading everything I can find, some have (I think) a decent understanding of the mechanics and configuration of CXS but I am struggling to understand hows the scans actually happen, i.e. what are the differences between the watch scans and other...

cPanel's docs indicate that when Apache's SpamAssassin is running, the built in autoresponder will not work with a spam score of 5 or higher.

It doesn't seem like mailscanner has this type of integration with the autoresponder, which creates a ton of bounce back e-mail. Am I missing a setting?

And yes, my client wants autoresponders as they are important for business so can't just turn it...