Hi all,
this thread is to add working REGEX that we can share with the community. To add them to this sticky, you should have the regex working in your server, this thread is not intended to solve any issues related with no working regex, the intention is to give users of CSF REGEXs that could make CSF with more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
I recently installed CSF with default rules in a cPanel/AlmaLinux with LiteSpeed.
When accessing a link like Safari keeps loading until error connecting...
If I disable CSF it works.
I can't find any logs about this issue... no logs for blocked or other issues, it just drops...
HI I enabled the web UI for CSF, getting connection reset by peer while doing a curl
The webpage at might be temporarily down or it may have moved permanently to a new web address.
ERR_UNSAFE_PORT
UI = 1
# Set this to the port that want to bind this service to. You should configure
# this port to be >1023 and different from any other port already being used
#
# Do NOT enable access to this...
Hi guys, I'm new here, but I've been using CSF for many years! Over 2024, there has been a surge in Internet attacks and I've recently discovered something with my CSF install that I think is weird and wanted your opinion and eventually maybe a suggestion to mitigate the issue:
In my config, I have:
LF_TRIGGER = 0
LF_APACHE_404 = 200
LF_APACHE_404_PERM = 3600 (1 hour)
LF_INTERVAL = 300 (5...
I have a VPS with Almalinux8, Cpanel and CSF installed and with a 600Mpbs port. I started experiencing speed issues with FTP uploads (because it limited data upload) and so to check the speeds from the server, I installed speedtest cli.
I have setup a modsec script to help protect my wp-login.php file. Essentially the script that I've found will block access for the offending IP address for 5 minutes upon 10 failed login attempts over a 3 minute duration.
I'd like to utilize the LF_MODSEC portion of CSF to add them to the iptables firewall so that they're blocked right at the front door.
We allow remote MySQL access for specific IP adress, by adding a rule to the csf.allow file as following;
d=3306|s= #
This has been working fine for a couple of years now.
However, since a few days we got multiple complaints that MySQL access is blocked. When checking the logs I see these entries; indicating that the port is blocked. I have seen multiple cases of this, on...
OK I know, CSF is an IP based firewall, but we are already working with domain name.
In csf.dyndns.
Could we get something like csf.blockeddomain that will work the other way?
Check every 10min what IP the domain has and add it to block list?
Hi, I'm looking at logs and finding that src ip's are looking for trouble, but they are spreading their attack times to a couple of tries over a spread of minutes. Cannot find a way in csf config to set a ban for this. Here is a sample of the syslog to show what I'm seeing (pruned the log down for viewing):
I have CSF configured to block SMTP Auth attacks, syntax errors, and POP3/IMAP access attempts. However, none of those appear to be being blocked at present and only SSH attacks appear to be blocked. I've double checked my configuration and it appears to be correct, but it's like CSF is ignoring it. I installed the software with CPanel but that shouldn't be the reason for that I wouldn't think....
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum