Hello

I received this email alert:

DISKWARN blocks ⚠: Mount Point /var/tmp

In fact I have this problem every time I start Modsecurity (WHM> Plugins> ConfigServer ModSecurity Control - cmc v3.02> On

How to solve? Why does he create full files in /tmp and are never deleted? !!

The contents are always the same, for example:

20190929-164834-XZDEQvVm4BVDTJKP-ghNEwAAABE-file-3LUIA0

There...

for many years i used this rules and it worked but recently i found it stop working, eg, i removed special port like 22 from csf config to block global access to this port, and added some IPs to whitelist csf.allow to able to access this port. only some IPs. everything worked as well but recently i found this port is open to all. i restarted csf, it fixed but after some days when i tested froma...

I fixed the issue... not sure how to delete this post though? Thanks

Hi there. This is my first post in this community.
I just got the very good cleanup service from Jacob performed on my server, and now I am getting 50+ emails per day about:

subject: cxs Scan on xxxx.mydomain..com (Hits:1) (Viruses:0) (Fingerprints:1)

I would like to either get a daily digest, or just suppress them. Is there any quick adjustment in the settings I can do?

Thanks

please delete this post, problem was unrelated to CSF

Possible root compromise: File /lib64/libkeyutils.so.1.9 exists and /lib/libkeyutils.so.1.9 exists.

For more information see:

This file is part of keyutils, part of the Linux kernel. If lfd is not checking the hash of the file matches a compromised version (it doesn't), then don't report it. This library has been around and been installed for years. Only when I updated to the 1.9 so version of...

The setting LF_MODSECIPDB_FILE suggests /var/cpanel/secdatadir/ip.pag, but there's no such file in that folder. I also checked all the suggested folders in the setting, like /tmp, couldn't find ip.pag anywhere. But I did find cpanelusername -ip.pag in the folder /var/cpanel/secdatadir/

Is that the file LF_MODSECIPDB_FILE is asking for? If it is, how do I handle this situation? It appears that...

Hi Guys,

Several of my fleet of VPS's has been performing weirdly lately. They're spread geographically and between different providers. All of my issues have gone away and server load has reduced as soon as CXSwatch and CXS were stopped. and they begin again after it is re-enabled.

I'm talking going from average 25% of 8 CPU cores and 8GB of ram to 98% for long periods of time across multiple...

I have been trying to get iOS Mail Push Notifications working. The first step was getting the expired certificate renewed.. After much work, that got done. But Push still wasn't working. I read here:

that I would have to ad port 2195 to TCP in CSF which I did, for both IN and OUT. But that hasn't helped. Is it possible there is another CSF configuration preventing Push Notifications?

/var/spool/MailScanner/quarantine/20190916/nonspam has 1,984 messages in the folder.

Anyone know how I can find out why they weren't delivered and what needs to be done to get them delivered?

I am running Mailscanner Front-End 8.27 on cpanel v82.0.15

I got an email with this message:

Scanning web upload script file...
Time : Mon, 16 Sep 2019 15:23:48 -0500
Web referer URL :
Local IP : 162.241.XXX.XXX
Web upload script user : nobody (99)
Web upload script owner: ()
Web upload script path : /home/FOLDERNAME/public_html/wp-content
Web upload script URL :
Remote IP : 202.104.9.163
Deleted : No
Quarantined : Yes

NOTE: does not exist on this...

Hello, last night WHM updated itself to v82 and I started getting emails that mailscanner is not working, a quick google search brought me to this:

I updated the scripts on the server via this: curl -sL | perl

but i am not still getting emails from WHM saying that mailscanner has failed, what can I do?

Hi,

I setup MAILX via gmail for notification alert sending.

How to use this to send CSF alerts too ?

I am seeing this on one of our installs:

Web upload script path : /home/csf/public_html/wp-content
Web upload script URL :
Remote IP : 111.111.111.111
Deleted : No
Quarantined : Yes

NOTE: does not exist on this server. However, ModSecurity is still triggering cxs to scan the attempted uploading of potentially malicious data

What is causing csf to populate instead of the username of the...

Hello, Sarah.
Could it be possible that when we try to block an IP with MailControl, the first POP UP show us if the IP is already blocked?

Until now, if I a see an spammer IP and I want to block it, I click on the red circle, it brings a POP UP with all the info about the IP and a line where I can modify the text of the block.

But some times it happens that the IP that I want to block is...

hello
he has a problem
The site does not send mail
But when you disable *ConfigServer Security & Firewall*
Mail works normal
I use Gmail SMTP

Hi,
I installed CSF Messenger. Everything seems fine. Recaptcha page is working too. When you validate with clicking i'm not a robot button, it says ok.

But when I click Unblock button after that it shows an error.

There has been a problem: Unable to verify with Google reCAPTCHA

I tried almost everything, but it doesn't validate somehow. What could be the problem?

Hello,

When cxs ModSecurity Scanning enabled on a directadmin server which has got openlitespeed with comodo waf, does cxs work?

Anyone knows that are compatible?

Thanks

Could someone kindly point me in the direction of more information regarding the MySQL Data Collection feature? It looks like an interesting feature, based on the description in the config, but it doesn't provide much detail and I'm having configuration challenges.

ST_MYSQL =
The following options are for authentication for MySQL data collection. If the password is left blank and the user set...

When the Watch System Logs page loads, the refresh function is automatically set to five seconds. I rarely find the auto-refresh helpful as I typically am scrolling up through the logs and lose my place when it refreshes.

I've been wanting a feature request for a switch to disable the auto-refresh either on the page or in the config. This could also include customization of the refresh...