ConfigServer Community Forum

Hola, quisiera saber que quiere decir esto

Time: Sun Jul 13 08:39:30 2014 -0500
Account: securema
Resource: Virtual Memory Size
Exceeded: 201 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /newdisk/securema/public_html/oskalpanama/wp-content/themes/central/js/default_dynamic.php
PID: 27134 (Parent PID:25433)
Killed: No

Hi,

I can see that there is an option for Include /etc/csf/csf.alsoallow

Is there a similat alsodeny or alsoblock ?

I would like to set up a facility to automatically update a list of blocked IP address (from Wizcrafts).

Perhaps I am going about this the wrong way. Does anybody have any suggestions for a better approach? What is the easiest, most-automated way to add block lists to iptables?...

Hi,

115.240.6.83 # lfd: (mod_security) mod_security (id:950004) triggered by 115.240.6.83 (IN/India/Maharashtra/Mumbai/-): 5 in the last 300 secs - Mon Jul 7 16:25:26 2014

What is this block, why our client's IP is frequently blocked in CSF firewall for the above reason ??

And Finally what is the solution how to get rid of it, As client and we both are tired for this really.

Regards,

At the end of the email there is this code:

open3: exec of /usr/bin/openssl ciphers -v ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP failed at /usr/local/csf/bin/servercheck.pm line 1081

Hi,

It looks like my server may have been blocked from your server - the upgrade button displays the message

Unable to connect to com, retry in 247 seconds. An Upgrade button will appear here if new version is detected

I can access configserver. com with wget from this server either. Can you please let me know how to get myself unblocked?

Thanks

I have LF_MODSEC set to 10, so I am expecting to have CSF block an IP after there have been 10 Mod Security Failures.

When I get email notifications from CSF regarding an IP block that has taken place due to Mod_Security, it looks like this:

Time: Mon Jul 14 21:08:24 2014 -0500
IP: 1.2.3.4 (FR/France/some.reverse.dns.fr)
Failures: 5 (mod_security)
Interval: 300 seconds
Blocked: Permanent...

when i run the iptables test i get this:

esting ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing...

Hi,

Is it possible to unlock an IP address (mine) via SSH?

I am testing CSF in WHM and I need my IP address to get blocked, but I can access the server via SSH using a device with a different IP address.

Thanks,

Hello,

Have been trying to find a command to block an ip in the cluster but cannot seem to find it.
I use csf -d ip but how can I get that out to the cluster?
Are there any commands for that?

Hello everybody!!

I've installed CSF but I got some problem. I've a django application that write on my database if I make a POST on this url
If I make the request without the firewall it's all ok, but with the firewall active I receive a 502. I've look in the syslog and it say:

Jul 1 09:58:53 localjobserver-dev2 kernel: Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=188.226.199.19...

Hello !

We all know CSF has interface button View lfd blocking statistics
One of the parameters shows pie picture Block triggers in the last 12 months

Just interested to understand - from what log file it takes the statistics for 12 (!) months ?

Thanks in advance for answer !
Regards,
Serge

Ok I have posted this before and still no luck. Any help would be great. Anyway I only deal with about 7 countries and like to block all others. So when I use either CC_Allow or CC_ALLOW_FILTER with these settings CA,CH,CN,DE,GB,TW,UM,US, the issue begins to arise in my main log. I'm getting some errors now and would like some help to get them resolved or a place to look and see how to get them...

I've been reading up on RHEL7 and July's release of CentOS 7 and I am very concerned by the change to systemd

It affects syslog and init.d and cron which seems like a pretty big change.

Does CSF work on systemd based nix?

Or do we need to stick with CentOS 6 and wait awhile.

The readme.txt file states:
To take advantage of kernel logging of iptables dropped connections you should
ensure that kernel logging daemon (klogd) is enabled. Typically, VPS servers
have this disabled and you should check /etc/init.d/syslog and make sure that
any klogd lines are not commented out. If you change the file, remember to
restart syslog.

This is confusing since I could not find...

I just installed a brand new DA server w/CentOS 6.5. There are no domains on this account yet the mainlog file is flooding with errors. I'm not sure why. I have no experience with CSF as previously I used APF & BFD.

pastebin com/Q4BYUSMr

Can someone please help me with this?

Exactly where do you set the temporary ban duration? My temporary blocks are lasting only 60 seconds and I can't seem to find the place in the configuration to make it longer. I'm getting hit with excessive SMPTAUTH failures, and although my LF_SMTPAUTH setting is 5, the bans only last a minute and then the game continues...

Hi

I'm having a bit of an issue. I have setup a KVM VPS on my CentOS 6.5 which has routed networking.

I have a DNAT rule in csfpre file which as traffic comes in (PREROUTING), the external IP is changed to the local IP. As the traffic traverses the iptables chain, it seems to be dropped (not rejected) somewhere in the FILTER FORWARD table. This is not being logged in /var/log/messages.

If I...

Hello CSF community,

Background:
I like the way that CSF warns (via email) about Excessive resource usage
I have learned to use the csf.pignore file to ingnore a process that I know is resource intensive.
For example, in csf.pignore I added cmd:spamd child and no longer get warnings about spam assasin running.

Problem:
Every night when my daily backups run I get many email alerts about...

Hello to everyone !
Is it possible to use CSF to allow access to a port only from a certain IPs ?
It seems to be a simple question - but I did not find an answer yet.

Let's say I have SMTP on 110 port.
I want to allow access only from external IP 68.192.172.14 and 85.5.39.156 (what means only these 2 IPs are allowed to send emails)
All other Ips must be blocked by default.

Thank you in advance...

Hi,

I keep seeing this message in my logs:

Unable to retrieve blocklist MAXMIND - Unable to download: 599 - Net::SSLeay 1.49 must be installed for https support

Any idea how I rectify this?

Thanks
M