There are many times a certain page, particularly a login page, seems to get hit hundreds (or even thousands) of times per minute. Obviously this is some sort of hack attempt.
I seem to recall there was some way in CSF to space out multiple hits to the same page from the same IP number. Or put another way, maybe a way to only allow one page from one particular IP every 20 seconds or...
CSF 6.47 or maybe a bit earlier version (I've been on vacation for several months :) ) seems to have made ALL my carefully researched CIDR block ranges and the few ISO country code blocks I use disappear!!!
I had a few hundred CIDR block ranges in CSF_DENY, and four ISO country code blocks established in CSF_config, and now they are totally gone.
When an IP is added to the temporary list CSF.TEMP, the firewall rules created are as follows:
Chain num pkts bytes target prot opt in out source destination
DENYIN 50 0 0 DROP all -- !lo * 123.123.123.123 0.0.0.0/0
sub _assert_ssl {
# Need IO::Socket::SSL 1.42 for SSL_create_ctx_callback
die(qq/IO::Socket::SSL 1.42 must be installed for https support\n/)
unless eval {require IO::Socket::SSL;...
Is there a way to create a block rule, or any way to set it up to auto block based on the port? For example if a customer fails SMTP auth 15 times, can it just block them on port 25? Or if they fail an HTTP authentication X times it blocks them on port 80 only?
Also how about rules just being created for deny, why do we need deny and denyout for every block on an IP created.
I'm using CentOS 5.10 with the latest CSF installed. Yesterday I made some changes from the UI. I only changed SU/SSH login alerts set to root and it was working great for like 6 hours. Today when I saw my mail box I got around 50 mails with this
===
lfd failed @ Wed Mar 26 06:55:41 2014. A restart was attempted automagically.
===
Then I quickly checked a few things, but I was getting these errors...
I have a fresh installation of CentOS 6.4 and csf.
The issue is that lfd doesn't start automatically; I need to do
/etc/init.d/lfd start
and after that it works fine.
This happens at any reboot.
Why?
I have LF_SSH_EMAIL_ALERT = 1 and I was wondering if it is possible to be alerted ONLY at root user login, and not when hosting account users connect via SFTP.
Or maybe if I can whitelist certain users to be ignored.
Has this stopped working for anyone else? I don't think I changed any settings that would affect this, and I confirmed that the explicit settings for this feature are enabled, but for the last week or so I haven't been receiving emails for cpanel/root access.
I am new to all this so I have one query: how can I enable email alerts of Enable ConfigServer Security & Firewall Alerts to get each process, warnings, alerts via email?
I recently changed a few things on my server to require all ftp logins be 'ftp with tls/ssl (auth tls explicit)'... I noticed that the only way I can connect now is if I whitelist my IP address. What would cause this behavior in CSF and how can I correct the issue?
If memory is correct the only reason I whitelisted my ip was to prevent blocking myself during development/testing and the above...
I installed csf and everything is normal, but when I turn media proxy on for VoIP the sound does not pass and I hear dead air. I even opened all the ports but it is still the same.
I set rules on CSF v6.47 and close ports on a dedicated server running CentOS 5.10 and WHM 11.40.1 with mod_security configured. All was working normally until lfd crashed and started sending notifications every 5 minutes attempting the automagical restarts and failures.
Actual Situation:
CSF is running on this machine
Do NOT flush the firewall