csf v12.12 running under cPanel & WHM v80.0.18 on CentOS v7.6

Randomly, but very frequently, when you go to:

and especially after a csf+lfd or lfd restart, the page fails to load and gives a blank page.

It often takes multiple page reloads or a Resend to get the page to finally load.

Hi guys.

I want to know if it's possible to have an option to EXCL:UDE CLEAN user accounts from the report we receive via email?
This way, we can get a more concise report and easier to scroll when reading from mobile device.

Thanks.

Hi guys.

I just noticed that the scan DAILY is also launched at the same time than the WEEKLY.
Ressources wise, I would prefer if I can have more control over the cron like:
- daily scan from days 0 to 5 (Monday through Saturday)
- weekly scan on day 6 (Sunday)

Do you have a suggestion ?

BTW, your CXS is INCREDIBLE !! It founded many vulnerabilities when I was sure I had none on my servers....

csf is currently restarting - command skipped on line 3416

Hello,

I've recently updated cPanel to the latest version after the exim bug, since then my CSF is acting up and restarting after every 5 to 15 minutes and this goes on constantly. Probably it wasn't a solution to my issue but I uninstalled CSF and installed it again. But the issue still persists.

Every time it restarts in CSF...

Hi guys! After enabling csf and firewall my network performance dropped really bad.
What can be done to get the speed back ?

Speed without csf enabled
2019-06-19 20:36:33 (73,8 MB/s) - ‘/dev/null’ saved
2019-06-19 20:33:21 (55,2 MB/s) - ‘/dev/null’ saved

And here with csf enabed same files
2019-06-19 20:37:33 (10,0 MB/s) - ‘/dev/null’ saved
2019-06-19 20:32:42 (9,95 MB/s) - ‘/dev/null’...

Hi,

I rebooted my server and the boot is stuck as CSF failed to start.

When I tried restarting the following error is shown.

# csf -x
Error: csf is being restarted, try again in a moment: Resource temporarily unavailable at /usr/sbin/csf line 176.

When checked what is stopping from server to completely boot we found the following.

# systemctl status | head -5
● server.sastaservers.com...

Currently the following IP's are configured in CSF for cPanel support:

208.74.123.2 # cPanel Auth Server
208.74.123.3 # cPanel Auth Server
208.74.121.82 # cPanel Auth Server
208.74.121.83 # cPanel Auth Server
208.74.121.85 # cPanel Auth Server
208.74.121.86 # cPanel Auth Server

Upon opening a new ticket last week, we were advised that their support address block has changed to:

184.94.197.2...

Hi. I'm wondering if there's a way to not receive warnings for, say, ssh-agent for a specific user. I know that I can ignore all processes by a user, and all warnings for a specific executable, but is there a way to combine the two and ignore a specific process by a specific user?

Any ideas why Mailscanner has started throwing these warnings.
Only started in the last couple of days, maybe after updating WHM.

Executable:

/usr/local/cpanel/3rdparty/perl/528/bin/perl

Command Line (often faked in exploits):

MailScanner: waiting for messages

Network connections by the process (if any):

udp: 213.171.xxx.xx:56285 -> 5.9.124.53:24441

Files open by the process (if any):...

I have a domain that crawls a lot of other domains. For sites that have a lot of urls to crawl I get a permanent block do to CT_LIMIT being reached. I know i can add the IP addresses for them in csf.allow, but this doesn't work as my site is a SaaS and needs to allow lots of different IP addresses. Is there a way for me to have this one domain not monitored for CT_LIMIT?

Thank you,

Tony

Hi guys.

Fantastic product by the way.

I want some host to be excluded from the RELAY ALERT I'm receiving. These are the IP of my mail filters. I don't want to increase the RT_RELAY_LIMIT so I can keep alerted if another IP is abusing.

Here is the alert I'm receiving:
Time: Wed Jun 12 10:47:22 2019 -0400
Type: RELAY, Remote IP - 144.217.xxx.xxx (CA/Canada/xxx.xxxxxxxxx.net)
Count: 101 emails...

Good da Guys

I am currently evaluating CSF / LFD, I have a colleague that put me on CSF, and he claims that:

CSF/LFD it could warn/block on *successful* logins from multiple IPs.

I just want to double check with community if that is true. I don't know if it is in my heads, but it just seems a little hard to be true. Or back to front thinking , for surely tools like LFD / fail2ban etc monitor...

Well I'm sure I'm daft on this, but after reading the new blog update at today, I'm not sure what I'm supposed to do with that file at all.

Would anyone be so kind as to provide a bit of guidance?

Thank you :)

Hi,

We use CSF on our cPanel DNS only servers. We have had a lot of attacks against them recently. However in CSF it only seems to keep the last 200 ip's blocked. How can we keep all blocked ip's please?

Hi.

On my server has CSF configured for stop users using sendmail or not authenticathed SMTP.

But after one problem with Hotmail, I see that configuration by pass.

/etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing...

Hello,

I set CF_ENABLE to 1 and put my api and email to the csf.cloudflare file but csf will not sync csf.deny ips to cloudflare firewall

We are licenced: MailScanner - v5.0.2 installed

After updating Monitored Services in WHM / Service Manager I got an error when Saving / Restarting.
===============================
Waiting for “mailscanner” to start ……waiting for “mailscanner” to initialize ………failed.

Cpanel::Exception::Services::StartError Service Status

Service Error
(XID eckgdv) The “mailscanner” service failed to start....

We're trying to route all traffic on our server through Sucuri's networks, and for the most part that's worked with the following entries in /etc/csf/csf.allow (IPs listed below are not private, they are owned by Sucuri and publically accessible):

tcp|in|d=80|s=192.88.134.0/23 # Sucuri Range
tcp|in|d=80|s=192.124.249.0/24 # Sucuri Range
tcp|in|d=80|s=185.93.228.0/22 # Sucuri Range...

In maillog I get a lot of attack attempts from one IP to different or to the same email account like in example bellow:

May 28 08:36:05 vh0 vpopmail : vchkpw-smtp: password fail (pass: 'q123456') office@mydomain.tld:223.241.1.175
May 28 08:36:22 vh0 vpopmail : vchkpw-smtp: password fail (pass: 'OFFICE') office@mydomain.tld:223.241.1.175
May 28 08:36:32 vh0 vpopmail : vchkpw-smtp: password fail...

Hi,

I was looking for the correct line to place to ignore all cache files located under home folder. Bot sure if the correct code.

I tried the below but none seems to work?

dir:.*\/cache/.*
pdir:\/home\/.+\/public_html\/*.*\/cache/.*
dir:\/home\/.+\/public_html\/*.*\/cache/.*

Thanks
Frank