This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
If a PT_LOAD event is triggered, then if the following contains the path to
a script, it will be run in a child process. For example, the script could
contain commands to terminate and restart httpd, php, exim, etc incase of
looping processes. The action script must have the execute bit an
interpreter (shebang) set
So for a while now I was annoyed that my servers are blocked between each other, but I never bothered to check why. After a while, I decided to configure DYNDNS domains between them (as we change IPs quiet often) and it all worked. On IPv4. Since some of our servers also use IPv6 obviously that wasn't working. So I tried allowing specific IP and that worked.
Login page can't login with reverse proxy.
After that, I modify source code to add remote ip address as a ip address instead of localhost ip address, it work but only in firefox, and after login it still in login screen although i press F5 button. Only when i press Ctrl+Shift+R it will redirect to admin page but when i click a function it redirect to login page, only when i press Ctrl+Shift+R it...
On my DirectAdmin/CentOS server I am using ConfigServer Security & Firewall - csf v14.20
The 'Check php version' mentioned that PHP version 7.4.33 is lower then 7.2 ??
7.4.33 is the only PHP version installed on this server.
Any version of PHP older than v7.2.* is now obsolete and should be considered a security threat. You should upgrade exclusively to PHP v7.3+:
Affected PHP versions:
7.4.33...
Since the upgrade to 14.19, repeated failed imapd logins in maillog are no longer getting blocked.
For example, the following (obfuscated) maillog entries did not result in a block, which they would have in earlier versions:
Jul 30 23:09:04 vps dovecot: imap-login: Disconnected: Aborted login by logging out (auth failed, 2 attempts in 8 secs): user= , method=PLAIN, rip=1.2.3.4, lip=5.6.7.8,...
Following investigation there is a change in Perl 5.38 which breaks LFD (see Debian 12 LFD issues by me in General Discussions).
As soon as one of the log files causes an error (e.g. is simply not present), all future log file reads on any file will fail until the error is cleared.
I solved this by adding a clearerr call before each log read, which is in the LFD file and the function...
For some reason its seems that cluster members do not always respond properly when denying an IP address.
Cluster Ping (They all respond fine):
csf --cping
Sent request to 10.0.0.10, replied:
Sent request to 10.0.0.20, replied:
Sent request to 10.0.0.30, replied:
Sent request to 10.0.0.40, replied:
Sent request to 10.0.0.50, replied:
Sent request to 10.0.0.60, replied:
Sent request to...
since one of the last updates, I suspect the very last one 2 days ago, LF_SU_EMAIL_ALERT is not working anymore.
This would be very important as working on a prod server.
LF_SSH_EMAIL_ALERT is working normally, but both LF_SU_EMAIL_ALERT as also LF_SUDO_EMAIL_ALERT (which I never use but enabled shortly for testing) do no send or even try to send an email at all. I followed the postfix...
Since upgrading to cPanel/WHM version 100, some (all?) dovecot login failures are no longer being caught by lfd. It appears that the log entries have changed eg
In my testing I wasn't able to get the LF_BIND login failure trigger to work. After checking some Centos7 and Centos 8 servers it looks like the BIND trigger in RegexMain.pm doesn't account for the hex value e.g. (@0x7f18041004f0) that is logged in Bind 9+ servers.
Broken (Currently used):
Fixed (I just added the (?: \S+)? to add a non-capturing group that is optional):
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum