Request: Please provide an option for CSF when blocking an IP locally in CSF, to also block the IP in CloudFlare under the server configured default account. I understand this would only work for a single CloudFlare account, but it would be nice for those of us who do use it in this way.
Thus if someone is probing my server for vulnerabilities over SSH, POP, SMTP, etc... and gets blocked, they...
Suggestion - block Exim attacks that are designed to degrade server performance:
Log files below of the issue (IP used is arbitrary). CENTOS 7 server.
Log directory:
/var/log/exim_mainlog
2019-02-13 18:51:46.727 no MAIL in SMTP connection from :53797 I= :25 D=10s
2019-02-13 18:51:57.453 no MAIL in SMTP connection from :57662 I= :25 D=10s
2019-02-13 18:52:08.176 no MAIL in SMTP connection from...
Just wanted to make two small suggestions for some of the cluster functionality:
1. When using cluster ignore or allow, the entry added to the cluster members is missing the date and time at the end of the entry (like when the cluster deny is used). It would be nice if this was added.
2. The cluster ignore function allows you to add duplicate entries. It would be nice if it a check like the...
I have a suggested patch as I have a cluster of 3000 servers and putting 3000 IP addresses in the csf.conf file seems to be a really ugly solution.
My suggestion is to include the possibility of an include file as follows:
1.) If you have only a few servers in your cluster, configure the CLUSTER_SENDTO and CLUSTER_RECVFROM as normal.
2.) If you have many, start the config of CLUSTER_SENDTO...
Some time ago I briefly deactivated CSF because there was something not quite right on my server, and I was wondering if CSF might be the culprit (It wasn't). After testing was complete, I clicked reactivate, saw a message that said DONE! and went to continue with other tasks.
Today I found out that my firewall was down during all this time, putting my server at an unnecessary risk. Why?...
Usually LFD detects modified binaries that have been updated by yum / apt on the integrity check.
It would be quite useful if you send the last lines of the yum / apt log (last 24 hs) attached or appended to these e-mails to quickly check if those changes correlate with the modified files or not.
I noticed from LF_Xxx notification that when an IP is blocked by CSF, it will 99.99% appear in some kind of Blacklists (RBLs).
I know RBLs is an entirely different area of discussion here, but since when an IP source trying to Bruteforce and its IP got blocked by CSF also appear in Blacklists (RBLs), I wonder if there will be any future development to make use of the...
I just recently switched cPanel AutoSSL provider from Let's Encrypt to cPanel via Comodo.
The SSL cert requests stayed in queue for an excessive time, and I wound up logging a paid support request with cPanel.
It was discovered that the DCV was failing and thus blocking cert delivery due to either 1) because I had a number of the remote domain query from addresses blocked (Russia, China,...
I have been running CSF for a long time and recently upgraded from MariaDB 10.1 to 10.2. As part of the upgrade, I decided to clean up the my.cnf commands, including moving to underscores instead of dashes.
This morning, I received a warning during CSF's check stating:
Check MySQL LOAD DATA disallows LOCAL
You should disable LOAD DATA LOCAL commands in MySQL by adding the following to the...
Attempting to start LFD while in TESTING mode does not report the correct error *Error* lfd will not run with TESTING enabled in /etc/csf/csf.conf. Instead, /usr/sbin/lfd attempts to close and unlink the $pidfile /var/run/lfd.pid using an undefined file handle $PIDFILE at line 7186. This causes the error: Can't use an undefined value as a symbol reference at /usr/sbin/lfd line.7186.
Now I have a server under my hand with csf with DENY_TEMP_IP_LIMIT=250.
250 entries is enough for about 4 minutes of denies, and they are rotated out.
But it should deny IPs for 120/60/30/5 minutes...
Is there a way to support ipset for longer denies?
Problem: Unable to get updates automatically using csf -u, although manually downloading and reinstalling works. Both mode 1 and mode 2 updates fail. LWP and Tiny are installed, and all other software (wget, cpan, apt) use the proxy successfully.
The csf code is not reading or using the environment set proxy information. Calls to get the updated package occur in URLGet.pm - function urlgetLWP...
It seems that csf runs csfpost.sh with sh instead of just using the shebang that was specified. This causes some unexpected behaviour if you need more logic in these files.
I can only reproduce this on Ubuntu, CentOS has no problems. I've added the following code to csfpost.sh:
#!/bin/bash
if ; then
    echo "Please do not use sh to run this script ($0)"
fi