hi, I would like to know if it's possible to add the variable keys authentication in sshalert.txt,
since it is essential to know this information when there are more of an active key.
Please consider adding dovecot (IMAP & POP binaries) to the stock-default LFD process ignore list; this will help to limit the that is triggered by simple IMAP and POP usage.
I've noticed in small boxes that after a lite DOS was occured and the system memory have reached its top value, the lfd hangs, can't fork errors are issued, lfd is dead, and the temporarily blocked IP addresses remain blocked in iptables. I've also noticed that that blocks are not cleared nor un-orphaned when you start the csf again. That's cool because, under a DDoS attack, your iptables will be...
I think it would be possible but maybe somewhat a security risk...but can easily take all pre-cauctions when doing this.
I have a few reseller clients and some of their clients get banned, but they would have to contact me to remove from the deny list and add them to the allow list.
^Only long solution, The fast solution is a more security risk , Set->Reseller Account with root permissions,...
I got some lovely messages from LFD this morning telling me that the mail queue had X,000 emails in it (EEK)... problem was I was asleep and didn't see the emails till around 3 hours later (25,000 emails in the queue by now). I do have my server limited to 1000 emails per domain, but I have a feeling this is ignored if they hack in or use exim direct? Anyway back to the point - the warnings are...
Currently, after XXX entries in the deny file, csf automatically starts removing the oldest entries. Is there a way to have a list of permanent deny entries that never get auto removed? Is this the global deny list, or would this be a new feature?
Is there a way to track all WHM/cPanel/FTP logins and not just the failed ones? What we would love to see is the name of the country the person successfully logged in from in an email. Some of our clients are a bit careless when it comes to creating strong passwords.
We understand that many of the servers that support hackers are in the US but many of them are not. We do not have many...
Being able to monitor important folders and files for changes. IE : /etc , /etc/passwd, groups , shadow, config files, system binaries . Based on md5 checkings ?
I know we got the ct states option which is a big help but I figured I would offer this suggestion from experience.
I got to noticing on a server I didn't have ct_states on that it was counting last_ack, fin_wait, close_wait etc as connections. I know about the skip time wait option but usually there is just as much of the other connection states.
I'm using csf for over 1 year. It's the best firewall.
SCRIPT_ALERT feature is crucial for me, I have no idea why it is removed on generic installation. Well, for old versions I added by hand to csf.conf these lines
SCRIPT_LOG = /path/to/log
LF_SCRIPT_ALERT = 1
LF_SCRIPT_LIMIT = my limit number
LF_SCRIPT_PERM = 1
I know csf allows you to use the DShield block list. Have you considered adding the ability to send firewall logs to DShield? I'm looking into doing this outside of csf, but it would be really nice if it were just a matter of enabling it in the configuration.
Hi,
it would be nice to just enter into the main page of CSF in WHM and could see were it says:
View/Unblock the temporary IP bans the number of IPs banned. Somenthing like this:
View/Unblock the temporary IP bans (10 IPs blocked)
Will be usefull to see status of mysql connections (show processlist) and exim queue. If total queue messages number (exim -bpc) is lower enough (let's say below 1000), the summ can be also display (exim -bp | exiqsumm -c)
i got a question: if i whitelist a whole /24, why do i still get mail notification about blocked connections from those ip addresses? same happens with single ip whitelisted, and when i checked the iptables rules, the ip was multiple times added to DROP list.
this happens on generic install centos 5.1 64 bit.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum