This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Hi, I some time receive High load average alerts from lfd. When I open the attachments ps.txt or other ones, looks like it is not a proper text file and everything looks gibberish. I checked the file type and it's detected as file type data application/octet-stream. I also reinstalled csf but that didn't fix my issue. here is what vmstat file looks like in gmail and in text editor....
We've noticed that some Apache-related LF_* rules (LF_APACHE_404 and LF_MODSEC specifically) no longer seem to get triggered. I've simulated multiple 404 errors and triggered random ModSecurity rules, but CSF didn't pick up any of the events, and my non-whitelisted IP address didn't get blocked at all.
In the /usr/local/csf/lib/ConfigServer/RegexMain.pm file, I see that all Apache-related regex...
It seems there is a bug with IPv6 support. I installed CSF on an AWS Lightsail instance and in order to automatically obtain a public IPv6 address, AWS requires support for RA/SLAAC. With CSF turned on, the instance receives an IPv6 address on boot but then once valid_lft reaches 0, it falls off the interface and can't be renewed.
I have set:
IPV6 = 1
IPV6_ICMP_STRICT = 0
IPV6_SPI = 1
First, I appreciate all the hard work the team puts into this software.
Recently setup a fresh cPanel server and I noticed that the firewall wasn't blocking repeated mod security hits, despite configuring LF_MODSEC with a low threshold (2). The CSF...
The hex2ip function strips leading zeros.
However for the string passed to inet_ntoa it simply strips the double colons, forgetting about the leading zeros.
This e.g. results in wrong ipv4 address for ipv4 connections on tcp6 sockets.
Example that goes wrong:
0000000000000000FFFF0000CE0ACB74 -> 0:0:0:0:0:ffff:74cb:ace -> 7.76.186.206
correct would...
I saw the notice posted below indicating Cloudflare Firewall Rules (API) being deprecated.
Will the deprecation of the Cloudflare Firewall Rules API impact the integration of CSF’s Cloudflare IP blocking feature? ( I am not sure if that deprecation affects the IP access_rules portion of the API )
The Cloudflare blocking feature has been immensely...
If a PT_LOAD event is triggered, then if the following contains the path to
a script, it will be run in a child process. For example, the script could
contain commands to terminate and restart httpd, php, exim, etc incase of
looping processes. The action script must have the execute bit an
interpreter (shebang) set
Login page can't login with reverse proxy.
After that, I modify source code to add remote ip address as a ip address instead of localhost ip address, it work but only in firefox, and after login it still in login screen although i press F5 button. Only when i press Ctrl+Shift+R it will redirect to admin page but when i click a function it redirect to login page, only when i press Ctrl+Shift+R it...
On my DirectAdmin/CentOS server I am using ConfigServer Security & Firewall - csf v14.20
The 'Check php version' mentioned that PHP version 7.4.33 is lower then 7.2 ??
7.4.33 is the only PHP version installed on this server.
Any version of PHP older than v7.2.* is now obsolete and should be considered a security threat. You should upgrade exclusively to PHP v7.3+:
Affected PHP versions:
7.4.33...
Since the upgrade to 14.19, repeated failed imapd logins in maillog are no longer getting blocked.
For example, the following (obfuscated) maillog entries did not result in a block, which they would have in earlier versions:
Jul 30 23:09:04 vps dovecot: imap-login: Disconnected: Aborted login by logging out (auth failed, 2 attempts in 8 secs): user= , method=PLAIN, rip=1.2.3.4, lip=5.6.7.8,...
Following investigation there is a change in Perl 5.38 which breaks LFD (see Debian 12 LFD issues by me in General Discussions).
As soon as one of the log files causes an error (e.g. is simply not present), all future log file reads on any file will fail until the error is cleared.
I solved this by adding a clearerr call before each log read, which is in the LFD file and the function...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum