Im using ConfigServer MailScanner Front-End where client IPS can be blocked by adding an entry into csf.deny. Ive been blocking the IP's for the persistent low scoring spam emails.
It is my understanding that due to the upper limit of IP's in csf.deny, the IP's for blocked emails will eventually get rotated out of the file.
Would it be worthwhile to consider having a separate file that could...
Hello,
The 99% of my distributed smtpauth attack alerts are for 535 Incorrect authentication . It would be nice if the alert is sent only when successful access to the email account is detected.
I believe this entry should be considered for removal. The base_30days.txt file no longer exists, and by visiting and searching the internet (ie, openbl.org's twitter page), it appears the company has gone under, for financial reasons.
When the openbl.org blocklist is enabled, in the /var/log/lfd.log file, every 30...
In its current form, CSF (when configured to also block outgoing connections) will add IP blocks as a DROP rule for outgoing conncetions. Outgoing connections should never be dropped. This can lead to a myriad of issues in the right environment, and at least a few issues in most environments.
A DROP rule in iptables does not send an error/rejection packet back to the...
How about a feature to permanently block IP by putting them in something like csf.pdeny
Right now if the deny_ip_limit is set at 100 and then if all the 100 IPs are filled up and CSF starts removing from the oldest IP blocked order the ones at the top get removed. But there are certain IPs which I would like to keep permanently blocked even if the limit has been reached and csf removes the oldest...
Create a field in CSF UI where you can input custom ip rules.
Ideal would be to click some options as connection limit, rate limit, inbound, outbound, ports, etc.
I came to this idea after searching for a way to limit 1 ip address which is hammering my server. But I don't want to block this IP nor do I want to limit all ip addresses in general.
It would be nice if we could white list countries so that they don't get blocked by the failed logins, most of the times our customers setup Outlook or similar clients and after an email password changed IMAP / SMTP blocks them.
Since most of the time hackers use compromised servers or anonymous proxies on USA, China, Germany... it should be easy if we could avoid LFD to act on IPs based on...
Hi all,
I wondering if I have something forgotten in my configuration for my cluster set-up?
Cluster_Sendto has all 4 IPs, Cluster Recvfrom, all 4 IPs, Cluster block = on, Cluster config = off
Same config on all 4 servers.
4 servers are in the cluster, it works partly fine, but it is not blocking IPs from LFD. and Network Classes.
thanks a lot for this CSF 10 upgrade, really great new options and ability for the users to unblock themselves.
I've tested it and it works ok, but when the user successfully unblocked, shouldn't he seen a page about you're now unblocked and could proceed to : the requested url that blocked him at first ?
My question/suggestion is to know if we can have a way to propose a translation of...
I was trying to setup some of the new CSF MESSENGER_HTTPS features but LFD can't find the SSL certificates on a Plesk server for some reason. Any ideas?
Feb 28 09:57:33 web6 lfd : MESSENGER: Error starting HTTPS service: No SSL certs found in MESSENGER_HTTPS_CONF location
Feb 28 09:57:33 web6 lfd : MESSENGER: HTTPS service temporarily *DISABLED*
Right now I have lfd configured to e-mail me whenever it blocks, so I get a lot of e-mails blocked for port scanning , among others. This is getting to be a lot of e-mails, 100-200 per day. It would be nice if lfd stored up the day's blocks, and sent an e-mail summary at the end of the day instead. Perhaps there could be a on/off switch for this daily reporting in the config file?
We are a small company, and the way our IT company have organised our network, our in-house administered web server is on the LAN but accessible through our NAT via a virtual server firewall rule that is not port-specific. It may not be the best configuration, but it works for us.
Since all traffic destined for its IP does get to the server, it's nice to be able to run CSF/LFD's port scan...
Is there anyway to add the option of Cluster Search to CSF? We have currently like 30 cPanel/WHM servers with CSF installed and another server which acts like a cluster master server for all the other servers with CSF installed.
We have developed a tiny little php script using csf -cr IP_ADDRESS accesibile via WEB so we can easily unblock ip addresses without entering on that...
It will be fantastic if you can include this patch in future versions of your code. The patch has been generated against csf v9.24. The patch activates the dormant code in lfd.
We needed the reason why an IP address was blocked. The reason is already recorded in the lfd.log on the host that blocks the IP address. In CLUSTER mode, the reason is not passed on, hence the patch.
Would it be possible to add temporary denies / allows and removal of those to CLUSTER cli as well?
Or just let us specify TTL and comments like: csf -cd 157.55.39.107 300 'msn bot mischief'
Virtual memory doesn't cost anything. I could have a process that maps a large file on my hard drive and this will be through the roof. I got the following error today:
Time: Sat Aug 11 21:59:45 2012 -0600
Account: mike
Resource: Virtual Memory Size
Exceeded: 1110 > 1000 (MB)
Executable: /usr/bin/kmix
Command Line: /usr/bin/kmix -session...
I was wondering if there is a way to exclude specific users (not system users) but email usernames from being blocked by lfd.
the reason for that request is that many times we deny access to users who are leaving the company or have been let go, these users which still have their email account configured on their mobile devices will prompt lfd blocks and by doing so may block ip's that...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum