I am getting attacks via FTP but CSF doesn't seem to be blocking them or adding them to firewall block and I have to do it manually, when I see the hourly reports.
They only seem to try 1 account at a time and ONLY 1 attempt at that account, but the same IP number tries numerous different accounts. I can't see any way in CSF settings to block IPs that attempt to log in to different accounts,...
I am having this message emailed to me:
Suspicious process running under user sshd
/usr/sbin/sshd (deleted)
Command Line (often faked in exploits):
sshd: root
It also has a TCP connection to some IP address.
I am a bit concerned what this is or how to go about troubleshooting it further.
If I do netstat I can see some ssh connections saying established from unknown IP...
Hi, I have a dedicated server CentOS 5,9 with WHM 11.36.0.11 and the last update, CSF v6.00, 2 weeks ago has become a problem for me.
This server only has one site, a vBulletin forum, and after this upgrade my users say the site is extremely slow.
After a quick test with a clean browser with no cache I can duplicate the problem, and the page sometimes takes 20 seconds to open and other times...
For the last 24 hours I have been getting pummeled from 1000s of IPs all targeting the same URI attempting a SQL injection exploit. I have atomic mod_security rules in place which are working fine and successfully blocking all the attempts. Of course I want these IPs blocked, but obviously useless. I have CSF installed and as a result of the number of max IPs allowed in iptables, my table is...
First of all thanks a lot for this wonderful product.
I am having an issue on a server where I have memcached running for a vBulletin forum. I have put an entry for the memcached process in the csf.pignore file but I think it has nothing to do with the alerts I am getting relating to memcached TCP connections
Executable:
/usr/bin/php
Command Line (often faked in exploits):
/usr/bin/php...
I am having a hard time figuring out what ports are being scanned. The below block is in fact from a hosting client and the temp blocks stop him from downloading mail.
Can someone please let me know what blocks are being scanned below so I can help the client to resolve this.
We have a server that blocks all connections at midnight every day. We have the same configuration on about 50 servers without any issue. I tried to reinstall CSF, update kernel, iptables -F, etc. I did not find the answer.
103.31.186.82 # lfd: (mod_security) mod_security triggered by 103.31.186.82 (HK/Hong Kong/lh21178_voxility_net): 20 in the last 300 secs - Mon Feb 25 19:57:56 2013
For the past 3 years, we have had a setting in our csf.allow that has functioned just fine.
It's a connection to a specific IP and port for license validation.
On any server that has to connect to the license server, we have this:
tcp|out|d=15xx0|d=NNN.NN.NNN.NN # wcm license validation server out to port 15xx0 only
On the license validation server, we have this line:...
I turned on the built-in GUI. Left the port at 6666, which is the default. Restarted. Now when I try to access
it says page isn't there. Is this the correct procedure?