CSF and LFD seem to be working great on two servers now. My Logging level is high and e-mail alerts are high, which dumps quite a few e-mails into my mailbox.
I only have 1 problem. All Server email alerts look exactly the same from the subject line. They all start with the same beginning (lfd: rest of subject)
I am currently going through and manually editing all the e-mail templates to...
Many moons ago I wrote a set of scripts much like csf. I am glad great minds think alike :)
I know this is a tricky one, but one improvement I would like to see is a way to set up a set of files which the System Integrity check will restore if they are modified.
For instance, sshd, ps, etc...
Last year, one of my servers was compromised but I caught it immediately (thanks to csf!) however,...
Is it possible to configure in csf a list of IPs that are allowed to access SSH and block all the others? I think this is better than changing the SSH port.
In my old iptables script I have a line like this:
-A INPUT -s x.x.x.x -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
On x86_64 systems courier-imap uses gamin to monitor file modifications in mailboxes; users with larger mailboxes trigger 'excessive resource usage' messages because gamin stays open for the duration of their session.
Was just dropping the hint that it possibly should be included in lfd's process whitelist by default.
Obviously this is very simple to do manually after install, but just thought...
When you use csf Temporary IP Bans you notice a number of people trying over and over. When they are banned, they seem to pop back after their csf Temporary IP Bans is over. It would be a great feature if you could say, if an IP hits the csf Temporary IP Bans table more than x times in y minutes, they are put in the perm ban.
I recently configured my server so that ssh logins will only work using public key encryption, and not plain old passwords. I noticed that lfd stopped detecting and banning IPs for people that attack ssh. Not a problem, you might think, since they will never get in anyway since they don't have a valid key. However, looking at the very long logfile of attempts, I thought it was probably best to...
Is this possible when a WebHost Manager reseller clicks on ConfigServer Security&Firewall in the plugins menu (and other configserver link) to see a different message than "You do not have access to modify ConfigServer Firewall"?
Instead, I suggest to write: ConfigServer is installed and running!
I think it would be extremely useful if csf checked the error code of the audit_log and ban, temp_ban, or ignore based on the error code of the audit_log entry.
e.g. permanently ban any 412 code on 1 connection while temp banning a 403 error code with 5 attempts for X seconds and ignoring 406 altogether.
just thought it would add a whole new level of control :)
Just noticed that the temporary ban was overriding the csf.allow IPs when our webmail server was blocked from accessing one of our servers even though it was in the allow file.
Another annoying thing is that you can't remove the temporary bans through the csf interface (cpanel whm plugin)
Probably un-needed by most people but I could use something like this. If it wouldn't add any bulk or anything that would cause problems I'd really like to see this.
Would be good in case you have an IP under attack, you could examine tcpdump and see if there is a pattern in TTL which there usually is with some DDoS tools/bots.
Or maybe advanced options for the PF feature that includes something...
I'm new to CSF and firewalls in general. I'm trying to complete a PCI scan and I was told by the company doing the scanning that I needed to block SYN packets to certain ports.
This is exactly what was said:
Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be configured to block all TCP...
I'm using CSF-LFD on all my servers, including my VPS servers and it's working very well... until dirwatch meets some huge files, like this can happen when I move a VPS from one server to another. In this case, a temp file is created in /tmp, whose size can be several GB, causing a high load when dirwatch is checking it.
Could this be possible that we can set a max size for the files to be...
Thank you very much for this product. We recommend it to all of our customers who request a powerful firewall that is simple to manage. I have two feature requests -- please correct me if they are already within the product.
1) Dovecot support. We typically set up our dedicated servers using Fedora or CentOS. We install PureFTP to be compliant with CSF, but we require Dovecot for...
I've been using a modified version of dos deflate to block connections with so many syn_recv but it's not perfect. Only can run every minute and haven't really made a viable unban feature.
If there was a thing on csf like connection tracking that parsed netstat for so many syn_recv connections per ip and ban the ones with the limit, I usually do 10 but sometimes it can ban legit users.
First of all I'd like to thank you for releasing such a wonderful piece of freeware; when I first used it, it just blew me - all those apf+bfd limitations are now finally solved through this neat software. It's just great!
But I'd still like to see a couple of more features which I'm sure a lot of the more advanced users will appreciate them. And I don't think they are hard to implement:...