Hi all,
This thread is for adding working REGEXs that we can share with the community. To add them to this sticky, you should have the regex working on your server; this thread is not intended to solve any issues related to non-working regex. The intention is to give users of CSF REGEXs that could give CSF more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
MESSENGER was working on my server but now it isn't. I checked all the logs/configuration and didn't find why. Is there any option to restore the values to default, rebuild the files, etc.?
I have tried the MESSENGER V3 and it is not working on my server.
I have done the following:
1. Created SITEKEY and SECRETKEY V3 at recaptcha google for my server.
2. Set V2 to 0
3. Set V3 to 1
4. Changed SITEKEY and SECRETKEY from V2 to V3.
5. Restarted CSF.
6. Created a temporary IP BLOCK.
7. Tested a web site and the RECAPTCHA showed on, tried the UNBLOCK and then tried to access...
I am using DUC IP on my home computer and have verified that my public DNS name is `myHost1.ddns.net` - yet my computer is not able to SSH to my server. The only way I can SSH in is if I add my home network's IP to the `Firewall Allow IPs`.
Hello!
I have set the port scan function to below on Debian 10:
PS_INTERVAL = 60
PS_LIMIT = 20
Seems to consider all 443 connections as new connections and ban the client. Any idea why this might be?
Hello!
Time: Thu Jan 26 16:51:58 2023 +0100
IP: 195.38.120.xxx
Hits: 21
Blocked: Temporary Block for 3600 seconds
Sample of block hits:
Jan 26 16:51:13 server kernel: Firewall: *Port Flood*...
As of about a week ago CSF appears to be timing out processing of queued emails. If the message is sent manually using WHM > Mail Queue it times out.
Nothing more specific than connection timeout is reported.
At the same time we started getting random calls from clients, their website wouldn't load for them, mail app can't connect etc.
We have flushed everything, restarted and...
While CSF is active, it also blocks the IP of normal users. How can I find a solution to this? The IP of our customers using Outlook is blocked. Since the IP is not fixed, it is not a solution to remove the IP.
Hello
I am trying to filter incoming messages via CSF
When I apply this:
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ postfix\/smtpd\ : warning:.*\ : SASL *? authentication failed/)) {
    return ("Failed SASL login from",$1,"mysaslmatch","3","25","1");
}
This does not break, I do not see the IP blocked in the management.
Any idea?
Mz
A new server with CloudLinux installed, installed CSF, but all messages are logged to the console, making the console unusable.
I have no idea what setting needs to be done for this to stop. Any help is appreciated, as I am sure I am not the only one. This was presented before here: (but no fix was provided)
Instructions I think how to block tor in /etc/csf/csf.blocklists by uncommenting this line (remove the #):
#TOR|86400|0|
and in /etc/csf/csf.conf make sure URLGET is set to use LWP then restart the firewall
We leave the ip=1.2.3.4 and don't change it to our server ip address?
I'm using Logwatch and have noticed a bunch of logs coming in for ICMP.
For example:
iptables firewall
Listed by source hosts:
Logged 1760 packets on interface eth0
From 3.87.248.151 - 1 packet to icmp(8)
From 3.231.165.178 - 2 packets to icmp(8)
From 3.236.183.212 - 2 packets to icmp(8)
From 3.236.184.164 - 3 packets to icmp(8)
From 3.237.184.3 - 1 packet to icmp(8)
From 3.238.39.131 - 1...
I run a MyBB forum, and MyBB utilizes PHP mail() for account activation e-mail addresses. In my csf.deny, I have 0.0.0.0/0 denied. This is to prevent all incoming requests directly to the server. The website is only accessible by going to the domain. The issue with this, is that it makes PHP's mail() function a little finicky. Is there a way with CSF to block all incoming requests, but allow all...