Can you allow comments in the other config files such as the csf.dyndns using the same format as the csf.allow or csf.deny files:
From the readme.txt file:
Both csf.allow and csf.deny can have comments after the IP address listed. The
comments must be on the same line as the IP address otherwise the IP rotation
of csf.deny will remove them.
If editing the csf.allow or csf.deny files directly,...
Would there be harm in automatically updating the md5 checksums after the upcp runs? Since I could not find a specific parameter/switch on LFD to perform this operation, perhaps something like this could be added to the /scripts/postupcp file...
md5sum /usr/bin/* /usr/sbin/* /bin/* /sbin/* /usr/local/bin/* /usr/local/sbin/* /etc/init.d/* /etc/xinetd.d/* /etc/rc.local > /etc/csf/csf.tempint...
Hi, I was wondering when a feature would be enabled in this software to allow for more intuitive FTP connectivity.
Let me elaborate on the specific issue:
I upload/download to a couple of sites. Upgrades of blog software, what have you. The issue that I have come into quite frequently is that after 250 connections the IP I am uploading through essentially is blocked. I understand this is done...
CSF and LFD seem to be working great on two servers now. My Logging level is high and e-mail alerts are high, which dumps quite a few e-mails into my mailbox.
I only have 1 problem. All Server email alerts look exactly the same from the subject line. They all start with the same beginning (lfd: rest of subject).
I am currently going through and manually editing all the e-mail templates to...
Many moons ago I wrote a set of scripts much like csf. I am glad great minds think alike :)
I know this is a tricky one, but one improvement I would like to see is a way to set up a set of files which the System Integrity check will restore if they are modified.
For instance, sshd, ps, etc...
Last year, one of my servers was compromised but I caught it immediately (thanks to csf!) however,...
Is it possible to configure in csf a list of IPs that are allowed to access SSH and block all the others? I think this is better than changing the SSH port.
In my old iptables script I have a line like this:
-A INPUT -s x.x.x.x -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
On x86_64 systems courier-imap uses gamin to monitor file modifications in mailboxes; users with larger mailboxes trigger 'excessive resource usage' messages because gamin stays open for the duration of their session.
Was just dropping the hint that it possibly should be included in lfd's process whitelist by default.
Obviously this is very simple to do manually after install, but just thought...
When you use csf Temporary IP Bans you notice a number of people trying over and over. When they are banned, they seem to pop back after their csf Temporary IP Bans is over. It would be a great feature if you could say, if an IP hits the csf Temporary IP Bans table more than x times in y minutes, they are put in the perm ban.
I recently configured my server so that ssh logins will only work using public key encryption, and not plain old passwords. I noticed that lfd stopped detecting and banning IPs for people that attack ssh. Not a problem, you might think, since they will never get in anyway since they don't have a valid key. However, looking at the very long logfile of attempts, I thought it was probably best to...
Is this possible when a WebHost Manager reseller clicks on ConfigServer Security&Firewall in the plugins menu (and other configserver link) to see a different message than You do not have access to modify ConfigServer Firewall.
Instead, I suggest to write: ConfigServer is installed and running!
I think it would be extremely useful if csf checked the error code of the audit_log and ban, temp_ban, or ignore based on the error code of the audit_log entry.
e.g. permanently ban any 412 code on 1 connection while temp banning a 403 error code with 5 attempts for X seconds and ignoring 406 altogether.
Just thought it would add a whole new level of control :)
Just noticed that the temporary ban was overriding the csf.allow IPs when our webmail server was blocked from accessing one of our servers even though it was in the allow file.
Another annoying thing is that you can't remove the temporary bans through the csf interface (cpanel whm plugin)
Probably unneeded by most people but I could use something like this. If it wouldn't add any bulk or anything that would cause problems, I'd really like to see this.
Would be good in case you have an IP under attack, you could examine tcpdump and see if there is a pattern in TTL which there usually is with some DDoS tools/bots.
Or maybe advanced options for the PF feature that includes something...
I'm new to CSF and firewalls in general. I'm trying to complete a PCI scan and I was told by the company doing the scanning that I needed to block SYN packets to certain ports.
This is exactly what was said:
Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be configured to block all TCP...
I'm using CSF-LFD on all my servers, including my VPS servers and it's working very well... until dirwatch meets some huge files, like this can happen when I move a VPS from one server to another. In this case, a temp file is created in /tmp, whose size can be several GB, causing a high load when dirwatch is checking it.
Could this be possible that we can set a max size for the files to be...