ConfigServer Community Forum

Orpheus cyber awards me 17 points for giving bad example.
they reach out to me to rectify if possible, anyway want to leave clear.
yours fallowing:

I've use csf - ConfigServer Firewall configuration to set within IPv4 Port Settings section,
option from
ICMP_TIMESTAMPDROP = 0
to
ICMP_TIMESTAMPDROP = 1

than tested this using custom ping

--icmp --icmp-type timestamp

reply is:
Starting...

(mod_security) mod_security (id:5000222) triggered by 179.108.72.156 (BR/Brazil/-): 5 in the last 3600 secs (CF_ENABLE) - *Blocked in csf* for 3600 secs
lfd : Incoming IP 179.108.72.156 temporary block removed
lfd : Outgoing IP 179.108.72.156 temporary block removed
lfd : CloudFlare: [CloudFlare: block failed: 400 Bad Request] remove failed: 400 Bad Request (any)

Cloudflare support says the...

I have reported this issue in a different thread about 4 months ago but we still haven't solved the issue. We have two WHM/CPANEL servers that are running CentOS v7.9.2009. Both servers are running csf v14.12. Both servers were running fine for over 3 years until we migrated from Centos 6 to 7. Since then we have been experiencing and issue with CSF that blocks HTTP traffic to all accounts on the...

Under CC_Deny I have IN,IR,IQ to block india, iran, and iraq.

When I do csf -r
I get
...
csf: FASTSTART loading CC_DENY (IPv4)
csf: FASTSTART loading CC_DENY (IPv4)
...

It skips and doesn't list IR

Is IR not the correct country code for Iran for CSF? I'm using maxmind for the CC_Deny

Hi,

I have a few big subnets in my /etc/csf/csf.deny file, let's say for example something like this:

tcp|in|d=22,25,80,443|s=1.0.0.0/8

This will deny any traffic from that net, to the ports listed on my host. However I also experienced delivery issues to MX hosts in the blocked subnet (the connection times out), and I suspect it's because of the order of the iptables rule (replies from the...

I have created and tested a Global Filter to filter outbound emails in a cPanel account. The filter works when testing using the webmail client. When sending an email via SMTP authentication and an email client such as Outlook, the filter does not apply and the email goes through.

I am guessing this is due to csf having some sort of priority for SMTP connections and overriding the rules. Can...

Hi,

# Issue

We've been seeing the following error coming through from CSF/LFD recently:

Time: Wed Jun 11 04:27:14 2025 +0000
Error: Failed to detect code in SYSLOG_LOG

SYSLOG may not be running correctly on server.domain.com

# What I've checked:

I've checked checked that rsyslog is running by using:
systemctl status rsyslog

I've checked that /var/log/messages is being written to...

Hi,

I've noticed a behavior in CSF where temporary blocks issued via `csf -t` do not seem to respect the allow or ignore lists. This led to some unintended blocks of IPs that were explicitly allowed or ignored, which was not expected.

To mitigate this, I implemented a workaround where I first attempt to add a permanent block. If that fails due to the IP being on an allow or ignore list, no...

Hey All,

For some reason none of our cpanel accounts are receiving emails. Sending is working fine. All the correct ports are open in configuration. When CSF is disabled all emails are received and everything works fine. Also removed and reinstalled CSF and same issue. Any idea?

Thanks

Hi!

I'm trying to use CSF on a Digital Ocean (DO) VPS and I'd like to try managing it through WebMin. The VPS came with Uncomplicated Firewall (UFW) pre-installed.

The VPS just serves one website. I like using the DO firewall for blocking ports and allow-listing my home IP, and continue to use it for that.

The only reason I want to use CSF is to block inbound connections from the three...

AlmaLinux: v8.9.0 Standard KVM
cPanel: 120.0.8
CSF: 14.20
Perl: 5 v26

Hi, this may not be anything to do with csf/lfd per se; just checking.

Just elevated from CentOS, and am getting lfd notification emails every 10 minutes:
Error: Failed to detect code in SYSLOG_LOG

And cron messages being sent every hour:
logger: socket /dev/log: Connection refused

Manually sending messages via logger...

Hi Team,
I am using ubuntu 24.04 server minimal using virtualmin pro
Replaced fail2ban with CSF. i keep getting bruteforce attacks or unsure what it is from mail logs please see below assist me with regex codes. apologies just a beginner

warning: unknown : SASL LOGIN authentication failed: authentication failure, sasl_username=shosabu
May 23 15:08:23 server.com postfix/smtpd : disconnect from...

Hi,
Someone can be able to explain me why port 465 works on my CSF Firewall ? I don't have set this port in TCP_OUT and TCP6_OUT. When I use below command, it works.

openssl s_client -connect smtp.gmail.com:465

In CSF I found in Firewall Configuration these parameters but I don't know how they compare to TCP_OUT

SMTP_BLOCK = ON
SMTP_ALLOWLOCAL = ON
SMTP_PORTS = 25,465,587

Blocking countries in CC_DENY from Country Code Lists and Settings blocks access to some domains and their websites on the VPS.
We have to restart CSF to gain access, and so every time we are unable to access without making any changes to CC_DENY, we have to restart CSF again.

Using ConfigServer Security & Firewall 14.24

For some reason CSF/LFD isn't sending out emails notifications for Webmin logins.

SSH notifications work fine.
Se do email test from the CLI.

The option to send alerts is set to Enable: LF_WEBMIN_EMAIL_ALERT = 1

RESTRICT_SYSLOG is set to 3.

Any suggestion would help.