I'm using CSF-LFD on all my servers, including my VPS servers and it's working very well... until dirwatch meets some huge files, like this can happen when I move a VPS from one server to another. In this case, a temp file is created in /tmp, whose size can be several GB, causing a high load when dirwatch is checking it.
Could this be possible that we can set a max size for the files to be...
Thank you very much for this product. We recommend it to all of our customers who request a powerful firewall that is simple to manage. I have two feature requests -- please correct me if they are already within the product.
1) Dovecot support. We typically set up our dedicated servers using Fedora or CentOS. We install PureFTP to be compliant with CSF, but we require Dovecot for...
I been using a modifed version of dos deflate to block connections with so many syn_recv but its not perfect. Only can run every minute and havent really made a viable unban feature.
If there was a thing on csf like connection tracking that parsed netstat for so many syn_recv connections per ip and ban the ones with the limit, I usually do 10 but sometimes it can ban legit users.
First of all I'd like to thank you for releasing such a wonderful piece of freeware; when I first used it, it just blew me - all those apf+bfd limitations are now finally solved through this neat software. It's just great!
But I'd still like to see a couple of more features which I'm sure a lot of the more advanced users will appreciate them. And I don't think they are hard to implement:...
hi guys, i have 2 servers , csf on both of them, i allowed the ips to one another, and they really do create a lot of connections between them. yet i woke up this morning, and i saw 760 messages telling me that the ip xx.x.x.x had 333 connections and it was blocked. it was NOT blocked, but i still got spammed .
i don't want to disable the mail alert, because that is cool, but i want to receive...
I'm not sure this has been discussed but here goes:
I've noticed that since we don't use SSH password auth we don't get Bruteforce IPs blocked for SSH. I suppose it makes sense if an RSA auth failure isn't classified as a loggin failure (I'm thinking out loud there as I'm not sure on the technical side myself yet).
Personally, I would rather see these IPs banned permanently than to get...
I know the feature exists to have a centralized IP deny/allow list but what about having a clustered one?
For example, we host our servers on the same network. So what would be nice is if one server denies/allows an IP, the other servers pick up the IP and perform the same action.
It might sound easier on paper but certainly a noteworthy feature.
How can I get the firewall BLOCKED messages to log to /var/log/firewall instead of /var/log/messages? And how do I add that file to log rotation? Is there a way to specify the log file or the Syslog level and then modify /etc/syslog.conf.
I have started blocking large IP ranges to cut down on spam from spam friendly countries. It would be nice if CSF had an interface for selecting a country like China and having all the IP's for that country to be added to the firewall deny list.
Just a thought. I don't know how many people are blocking countries like I am.
Could you set it so that an email won't be sent whenever there is no update available. It's annoying to see that mail almost everyday. It serves no purposely really, if it isn't updated why should I need to know about it? No email would mean that there is no update available. I hope you make this change or at least give an option. Thanks, keep up the great work. :)
The new cPanel WebDisk facility occasionally throws up suspicious process emails when people use it. It may be worth adding its process to the ignore processes list if you let customers use it.
This is whats needed inside the process ignore list:
It would be nice if I could move certain logon failures to a timed list so that they would clear in a specified time.
We never remove SSH failures but FTP, SMTP are often legit users that for whatever reason get themselves locked out.
If we could set this list to clear at certain intervals, it would make life a bit easier and at the same time, anyone trying hack in is going to be long gone...
CSF already does a nice job watching the exim_mainlog file. Many of us have also setup WHM to not allow any domain to send over x amount of emails per hour. When a spammer gets on the server and attempts to do so it is logged in exim_mainlog. It would be a great help if CSF could also check for multiple failures of this limit by checking for excessive sending attempts as well. I think that this...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum