All our webhosting servers have automatically updated to version 5.75.
Each time a user/customer have been blocked we cannot see the reason in the GUI in plugin in cpanel.
We have to manually restart the csf Restart the csf iptables firewall to get it removed.
No other way to get it removed.
Any one else have the same problem?
Will this be fixed in new release? :)
It looks like CSF firewall is not blocking IP blocks (CIDR ranges) properly.
For instance, I had setup the following rules manually:
csf.deny
208.86.196.0/22 # do not delete Manually denied - Mon Oct 15 17:17:39 2012
208.93.4.0/22 # do not delete Manually denied - Mon Oct 15 17:20:03 2012
178.137.80.0/20 # do not delete Manually denied - Mon Oct 15 17:26:50 2012
Intel PI 5 w/ 4G of Ram
###############################################################################
# Copyright 2006-2010, Way to the Web Limited
# URL:
# Email: sales@waytotheweb.com
###############################################################################
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be...
I'm new to my VPS that I've got signed up for and I'm loving it so far. I also like the firewall and how configurable it is and how easy it really is to manage via the interface. There are some small issues that is happening. Some IP addresses are getting temporarily blocked and I'll receive an email letting me know this. I will eventually get around to checking the settings and/or inputting a...
just have a question if it is possible to CC_ALLOW_FILTER on specific port like allowing destination port 20/21 only to CA/US
so all other countries can still access to web pages etc... but stop attacking FTP access.
Hi folks,
I recently had my datacenter update WHM/Cpanel to 11.36X and I've been getting flooded with hundreds of emails a day now indicating Suspicious processes and Excessive processes all related to webalizer for every account on my box.
My data center is suggesting trying increasing some of the process tracking directives for CSF.
I'm not understanding how updating Cpanel should require me...
Hi, my name is Cezar i am administrator of a hosting company from Romania, i use csf and it's verry great firewall, i have a strange problem only with SSL:
When i have CSF enabled and i try to acces my site from a mobile device , my site it's looking like that:
w w w . dims . ro/viewdims/sslerror.png
When i have CSF disabled my site it's look good:
w w w . dims . ro/viewdims/good.png
I have searched the forum, Google and everything I can think of trying to find the answer to my problem so I am hoping you can help.
We updated our CSF to the latest version about 3 days ago. On our server, we host a browser based game that in some cases require users to F5 (refresh) many times. When the user does this about 7 times, it stops that IP from being able to connect to the...
I use CSF for many years without any problem but now I just installed CSF on CentOS 6.3 - 64 bits and i have changed the testing to 0 and i did csf -r to restart the csf but, i still receive the error msg: Enabled but in Test Mode - Don't forget to disable TESTING in the Firewall Configuration.
Hey,
when I globally open port 465 in the TCP_OUT everything works fine and I am able to send email through PHP (i.e).
I've tried as an example to open port 465 only to smtp.gmail.com with this line in the allow table (as suggested in the readme.txt):
tcp|out|d=465|s=smtp.gmail.com
this does not work.
Dear
i have Centos 5.4 installed as DNS server and i installed and configure csf and enable the SYSLOG = 1
but it didnot get any logs to my syslog ( splunk server )
port 514 udp out is open
syslog.conf is set to
*.alert @x.x.x.x
*.emerg @x.x.x.x
ldf.* @x.x.x.x
*.ldf @x.x.x.x
*.auth @x.x.x.x
may be the problem is in the syslog.conf ( i have to add somthing for ldf i dont know about ) , may be...
I looked around and just cannot seem to find where I can add a phrase or keyword so that when that phrase is detected, csf will ban the IP
I've been having an issue with osCommerce tell_a_friend.php and I can search for it and ban ip's that are accessing that file and it will be fine for a few days until the spammers switch to another ip.
So I have to constantly keep banning IP's or they just...
All configserver products are failing after WHM upgrade WHM 11.36.0 (build 2)
They are all upgraded to latest version. For example in CSF I am getting:
Can't use string ( _defheader.tmpl ) as a HASH ref while strict refs in use at /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Template/Context.pm line 809.
Hi There,
CSF seems to have lost its functionality. When I try an update it outputs
/usr/sbin/csf: line 1: ?php: No such file or directory
/usr/sbin/csf: line 2: syntax error near unexpected token `'_VALID_MOS''
/usr/sbin/csf: line 2: `if( ! defined( '_VALID_MOS' ) && ! defined( '_JEXEC' ) )'
I am assuming I need to re-install CSF, if so how do I re-install without losing the configuration...
I'm using CSF (btw, where can I see which version is it?) and I just found one of my servers has been hacked.
Looking at the /var/log/lfd.log, I see that a user which was created by the attacked ( ghost ) is using a security exploit to gain root, but I didn't get any email nor did I find the following details:
1. Which security exploit is it?
2. How can I automatically block the offending...
I have found that it a users IP gets throttled by the PORTFLOOD limit, it is logged as *Port Flood* but LFD seeing 11 of them (one more than the defined PS_LIMIT of 10) will result in LFD adding a temporary deny against the IP for *Port Scan* detected .
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum