ConfigServer Community Forum

For CSF messenger, the index.php file that handles unblocking, uses curly braces for array indexes/offsets and throws:

Array and string offset access syntax with curly braces is deprecated.

For example:

$lang{ warning };

Should be

$lang ;

-PHP: PHP 7.4.12
-OS: CentOS Linux release 7.9.2009 (Core)
-CSF: csf: v14.08 (cPanel)

Hi

We just installed CloudLinux 9.3 and WHM/cPanel v116
we then installed CSF

edited config and turned OFF testing and changed no other feature.
Save

it then asks to restart
we click restart csf+ldf and it just gets stuck reloading page

Confirmed on 2 different CloudLinux 9.3 servers

CL9.3 with cPanel support is brand new (2 days ago it was released) so i'm guessing this needs fixing by you...

On my DirectAdmin/CentOS server I am using ConfigServer Security & Firewall - csf v14.20

The 'Check php version' mentioned that PHP version 7.4.33 is lower then 7.2 ??
7.4.33 is the only PHP version installed on this server.

Any version of PHP older than v7.2.* is now obsolete and should be considered a security threat. You should upgrade exclusively to PHP v7.3+:
Affected PHP versions:
7.4.33...

Hi,

There has been an update to the GeoLite2-Country-Locations-en.csv file that comes from maxmind.

Prior to around 31st October 2023, the GeoLite2-Country-Locations-en.csv file had this entry:

2750405,en,EU,Europe,NL,Netherlands,1

After the 1st November 2023, this line has been updated to:

2750405,en,EU,Europe,NL, The Netherlands ,1

For some reason, csf is having an issue with parsing...

Hi,

csf version: v14.20 (cPanel)
LFD Messenger has stopped responding on IPv4. It only listens on IPv6:

# netstat -punta | grep lfd
tcp6 0 0 :::28887 :::* LISTEN 173311/lfd HTTPS me
tcp6 0 0 :::28888 :::* LISTEN 173312/lfd HTML mes
tcp6 0 0 :::28889 :::* LISTEN 173313/lfd TEXT mes

I don't know if this is happening after upgrading to v14.20 but I think so.

Thanks,

Ignacio

Hi there,

when trying to access to UI from an nginx proxy, I have these weird error lines:

2023/09/20 15:43:20 2333492#2333492: *687017 upstream sent invalid header: \n ;
print Content-type: text/html\r\n ;
print \r\n ;
print \n ConfigServer Security & Firewall \n \n ;

That 'print \n ;' line should be added just before 'print '...

You are adding that line between HTTP headers, and this...

After enabling CT_LIMIT on a Centos 8 server I started getting these alerts:

Time: Tue Aug 25 20:00:54 2020 -0600
IP: ::ffff:d88a:c0e6 (Unknown)
Connections: 504
Blocked: Temporary Block for 1800 seconds
 
Connections:
tcp6: 0:0:0:0:0:ffff:d88a:c0e6:51064 -> 0:0:0:0:0:ffff:d88a:c0e6:7081 (TIME_WAIT)
tcp6: 0:0:0:0:0:ffff:d88a:c0e6:49206 -> 0:0:0:0:0:ffff:d88a:c0e6:7081 (TIME_WAIT)
tcp6:...

Something changed in the latest on AlmaLinux 8.8 and 9.2 so the messenger v3 service wasn't working when you accessed it:

AH01630: client denied by server configuration: /home/csf/public_html/

`
I was able to fix it by adding Require all granted to the .htaccess at /home/csf/public_html/.htaccess

Require all granted
DirectoryIndex index.php index.cgi index.html index.htm
#Options...

Since the upgrade to 14.19, repeated failed imapd logins in maillog are no longer getting blocked.
For example, the following (obfuscated) maillog entries did not result in a block, which they would have in earlier versions:

Jul 30 23:09:04 vps dovecot: imap-login: Disconnected: Aborted login by logging out (auth failed, 2 attempts in 8 secs): user= , method=PLAIN, rip=1.2.3.4, lip=5.6.7.8,...

Hi,

Following investigation there is a change in Perl 5.38 which breaks LFD (see Debian 12 LFD issues by me in General Discussions).

As soon as one of the log files causes an error (e.g. is simply not present), all future log file reads on any file will fail until the error is cleared.

I solved this by adding a clearerr call before each log read, which is in the LFD file and the function...

Hi

Repeated maillog entries of the following form were not detected when they should have been (obfuscated):

Jun 6 13:28:17 vps dovecot: pop3-login: Disconnected: Connection closed: read(size=984) failed: Connection reset by peer (auth failed, 1 attempts in 2 secs): user= , method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=

Log entries like this are rare.

CentOS Linux release 7.9.2009
cPanel...

Adding the following rules to /etc/csf/csf.allow:

tcp|out|u=0
udp|out|u=0

Adds the following rules to iptables:

# iptables-save | grep 'ALLOWOUT .*uid-owner'
-A ALLOWOUT ! -o lo -p udp -m owner --uid-owner 0 -j ACCEPT
-A ALLOWOUT ! -o lo -p tcp -m owner --uid-owner 0 -j ACCEPT

But does not add the same rules to ip6tables:

# ip6tables-save | grep 'ALLOWOUT .*uid-owner'

There is no...

For some reason its seems that cluster members do not always respond properly when denying an IP address.

Cluster Ping (They all respond fine):

csf --cping
Sent request to 10.0.0.10, replied:
Sent request to 10.0.0.20, replied:
Sent request to 10.0.0.30, replied:
Sent request to 10.0.0.40, replied:
Sent request to 10.0.0.50, replied:
Sent request to 10.0.0.60, replied:
Sent request to...

csf: v14.17
MESSENGER config by default with MESSENGER v2 enabled

I'm receiving these mail alerts from the Messenger recaptcha:

Subject: lfd on server.domain.com: recaptcha ?ôЄÿê/¶7Ô³Æ >ßv¬£þlÄ ¡ƒÃƒà¤õ-qJ7L-°¤Úwyµ#w@/V{Õ[7ÀTÀKÕˆ=RN”¯c?‘æø˝5Ô¬Œ•šñ+é>þGãïo&ŽÌÒoskäÊcìƒÙnePü[|š§AñÂDõ¯|¤ð¸£ãº7 (Unknown)

Time: Mon Aug 21 11:50:34 2022 +0200
IP: ?ôЄÿê/¶7Ô³Æ >ßv¬£þlÄ...

Hello,

since one of the last updates, I suspect the very last one 2 days ago, LF_SU_EMAIL_ALERT is not working anymore.
This would be very important as working on a prod server.
LF_SSH_EMAIL_ALERT is working normally, but both LF_SU_EMAIL_ALERT as also LF_SUDO_EMAIL_ALERT (which I never use but enabled shortly for testing) do no send or even try to send an email at all. I followed the postfix...

Since upgrading to cPanel/WHM version 100, some (all?) dovecot login failures are no longer being caught by lfd. It appears that the log entries have changed eg

vps dovecot: imap-login: Aborted login (auth failed, 2 attempts in 17 secs):

has become:

vps dovecot: imap-login: Disconnected: Aborted login by logging out (auth failed, 2 attempts in 11 secs):

There is a reference to this in...

Login page can't login with reverse proxy.
After that, I modify source code to add remote ip address as a ip address instead of localhost ip address, it work but only in firefox, and after login it still in login screen although i press F5 button. Only when i press Ctrl+Shift+R it will redirect to admin page but when i click a function it redirect to login page, only when i press Ctrl+Shift+R it...

In my testing I wasn't able to get the LF_BIND login failure trigger to work. After checking some Centos7 and Centos 8 servers it looks like the BIND trigger in RegexMain.pm doesn't account for the hex value e.g. (@0x7f18041004f0) that is logged in Bind 9+ servers.

Broken (Currently used):

Fixed (I just added the (?: \S+)? to add a non-capturing group that is optional):

I hope this helps!

In my testing I wasn't able to get the MESSENGERV3 to work correctly on Debian/Ubuntu servers (It can't find the SSL certificates). It looks like there is a bug in the Messenger.pm conftree function because it can't process the relative includes used by default on Debian/Ubuntu.

The config used in /etc/csf/csf.conf :

MESSENGERV3 = 1
MESSENGERV3LOCATION = /etc/apache2/conf-enabled/...

Hi guys,
When you search for an IP using the Search for IP / Search iptables for IP address function and it picks up an IP that is blocked, an Unblock button appears below the search results.

However, when the same IP is inside the temporary or full Allow IP list, the Unblock button not only removes the IP from the blocked list, but from the allow list as well.
Please make it so that the Unblock...