ConfigServer Community Forum

Hello,

I am running LFD/CSF on three servers and on all servers I have the same problem since the first day when I set-up the server and installed LFD/CSF.

I am running nginx + php5-fpm + MySQL and lfd.log file is full of warnings:

Jan 3 00:21:57 pro1646 lfd : *Suspicious Process* PID:30238 User:www-data Uptime:7300 secs EXE:/usr/sbin/php5-fpm CMD:php-fpm: pool www
Jan 3 03:21:01 pro1646 lfd...

Hi,
Currently have CSF v 5.72
The firewall does not seem to be blocking IPs. I am receiving hundreds of emails saying that an IP (108.166.114.12) has been permanently blocked however there are repeated entries/emails for the same IP

When I try and search for the IP in the IP Tables the following is displayed, which is not a normal result from what i remember

Searching for 108.166.114.12......

We have a new server installation of openSUSE 12.2 (x86_64) and installed csf 5.73. The process ignore reporting does not seem to be working correctly. We have included lines to ignore apache including all three of the following:

exe:/usr/sbin/httpd2-prefork
user:wwwrun
cmd:/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -k start

We still get emails with:...

I am seeing following block email from one of my VPS running csf, I need to know what exactly this mean.. (123.123.123.123 being my server IP and server5 is server name).

Time: Thu Jan 17 10:45:32 2013 +0300
IP: 180.234.38.231 (BD/Bangladesh/)
Hits: 11
Blocked: Temporary Block

Jan 17 10:43:35 server5 kernel: Firewall: *TCP_IN Blocked* IN=venet0 OUT= MAC= SRC=180.234.38.231...

Excuseme

Do you know what happens if put DENY_IP_LIMIT = 0 ?

I need more 1000 ips limit, if i write DENY_IP_LIMIT = 0 csf.deny work with 0 or limit max is 1000 ips.

I need indefinite limit.

Hello,

CSF is latest version, Geo database unzipped and stay in correct folder but it seems that CSF do not try use it. PurePerl require few perl modules (like Import, Export etc.) all of them installed by CPAN but CSF still not use database. Some testing option might be useful for such case.

Regards,
Dima

hello
I've installed Direct Admin on my server and I need to install CSF on it but it's not possible
--------------------------------
Checking Perl modules...
Can't locate LWP/UserAgent.pm in @INC (@INC contains: /etc/csf /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 22) line 2.
BEGIN...

Hi all. I've been working in mitigating the attacks I'm suffering in my server and now I have a question.
Is it possible to block IP ranges (IP blocks) when lets say 4 or more IPs from that block are already banned?
Here is a small capture of the traffic on port 80 during the last attack:

om/m1oly.png ( remove the space, sorry I can't post links )

(there is no filter in the capture, only port...

Hi,

I can not update anything having to do with access to the Redhat network with CSF running. I have two switch off CSF just to update PHP, etc.

The following command at shell times out after several minutes with CSF running:

time yum list updates

The output eventually reads:

There was an error communicating with RHN.
RHN Satellite or RHN Classic support will be disabled.
Unable to connect...

Hello,

I have a dedicated cpanel server at a colo here in Virginia. We have 1 client who has employees who connect to virtual desktops on a Citrix VM. While working on their virtual desktops they cannot see any websites we host; traceroutes show them traffic stopping one hop before our server.

We switched to CSF from APF a few months ago. I have this clients Citrix ip range (an entire /24)...

Hi there -

My servers are setup to only allow ssh by root. These alerts work fine with actual root logins but I've also gotten a couple of alerts with no evidence of an actual ssh/root login -

lfd on server.servername.com​: SSH login alert for user root from 62.212.154​.143 (NL/Nether​lands/www.​digiinfo.n​l)

When I parse /var/log/secure for this IP, there are no log entries. When I parse...

Hi,

I have a customer who's IPs are continually being blocked (he appears to have extremely frequently changing dynamic IPs!)

Is there a way I can find out more about what is causing the block? When I go to csf.deny is just says too many temp blocks :(

Thanks!

Hello,

I'm trying to configure LFD to send me an e-mail only when root logs in via SSH. I have LF_SSH_EMAIL_ALERT=1 and I get e-mails on every login to SSH, which I don't really need, especially since FTP is disabled and I require all users to use SFTP so I don't need an e-mail everytime they FTP in to upload files. So I just want alerts on root login, is there any way for me to configure this?...

Hello, good afternoon all ;)

If possible change time temp ban in csf firewall ?

I did not find anything about it.

Someone can help me and tell me if you can and if you ... how to do?

Thanks for support and assistance.

Best Regards,
Maelstrom

Hello all,

I am seeing many failed entry attempts in my mainlog for exim. Here is a snippet from that log file:

2011-09-18 16:48:22 login authenticator failed for 200-161-109-106.dsl.xxx.xxx.xx (ieikedh dot com) : 535 Incorrect authentication data (set_id=1234)
2011-09-18 16:48:24 login authenticator failed for 200-161-109-106.dsl.xxx.xxx.xx (ieikedh dot com) : 535 Incorrect authentication...

Hi,

Looking at the following line, how do I know which email account caused the firewall block:

vps lfd : (smtpauth) Failed SMTP AUTH login from 196.214.185.114 (ZA/South Africa/dc1.mesure.co.za): 5 in the last 300 secs - *Blocked in csf*

Got a weird problem. Running Centos 6.3, cpanel, csf. The server isn't receiving email. It sends fine.

csf configuration shows port 25 inbound/outbound open.

From two other servers I tried to telnet in to the server and the connection is refused ( telnet xx.xx.xx.xx 25 )

It is refused whether csf is enabled or disabled. Both the server IPs are also whitelisted in the firewall.

Host Access...

Hi,

One of our client is not able to open webmail and cpanel when CSF firewall is enabled on the sever, i have checked their local ISP's IP 116.203.16.172 is not blocked in the server firewall in temp deny or perm deny, though they are not able to open webmail and cpanel. then i have tried to allowed that IP in server firewall allowed list but the problem is still persist. as i disabled CSF...

Hi

I'm new to this ConfigServer/ModSecurity.

I've got an issue with CSF blocking PDF uploads bigger than 4mb. I've included the logs and removed anything that might identify our site/login details :)

Can anyone advise what to do here?

Thanks

GD

==> /etc/httpd/logs/modsec_audit.log 64216 80
--cba2c550-B--
POST /wp-admin/async-upload.php HTTP/1.1
Host: examplecom
Connection: keep-alive...

Hello i have problem with one user on my dedicated server i accept email every 10 min from server with this message

Time: Thu Dec 13 16:02:27 2012 +0100
Account: guxi
Resource: Virtual Memory Size
Exceeded: 210 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/guxi/public_html/index.php
PID: 724755
Killed: No

What need to do to repair this problem or why i accept this...