Hi all,
this thread is to add working REGEX that we can share with the community. To add them to this sticky, you should have the regex working in your server, this thread is not intended to solve any issues related with no working regex, the intention is to give users of CSF REGEXs that could make CSF with more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
Hello,
After upgrading from Ubuntu 22.04 to 24.04, and while CSF+ProFTP server was working fine, now it doesn't allow to retrieve directory listing.
Any suggestions ?
Once an hour the load on one of our servers spikes big time. Normal load is barely above zero, but it spikes to loads over 100.0 for a minute or two then comes back down to normal.
When it spikes I always see these: processes, with the first one causing the load:
lfd - retrieving global lists
lfd - retrieving blocklists (waiting for list lock)
lfd - retrieving countrycode lists (waiting for...
Hello ,
I created a custom modsec rule that returns a 403 status code if there is a sql injection attempt, i want csf to block the ip that is triggering this rule by monitoring the log that modsec is logging in it , but it isnt blocking it at all
the log came up as either
/usr/local/apache/error_log or
/var/log/apache2/error_log
so in csf.conf i specified the MODSEC_LOG to be...
It seems LFD outputs its blocked messages (eg. Firewall: *UDP_IN Blocked* IN=eth0... ) to the system journal with priority 4 (warning), even when it's just blocking incoming traffic based on port number. This makes them gold-coloured in my TTY, but more annoyingly it gets spammed out to my VPS's emergency console standard output, putting out lines every few seconds. Is there a way to get LFD to...
Temporary blocks that triggered the permanent block:
Tue Sep 10 07:14:01 2024 (CT) IP :: (Unknown) found to have 32 connections
Tue Sep 10 07:44:01 2024 (CT) IP ::...
Hi there,
After the latest cpanel update to version 122.0.5 we have all of sudden been getting lfd email every hour as such:
Time: Mon Aug 26 16:07:26 2024 +0100
File: /tmp/.spamassassin3950SumxCatmp
Reason: Suspicious directory
Owner: nobody:nobody (99:99)
Action: No action taken
I get this email from my server:
Subject: Cron /usr/sbin/csf -u
Message: csf and lfd have been disabled, use 'csf -e' to enable
I logged in to WHM to enable again all connection become blocked, if I disable via SSH everything works fine.
I can't image what I have to do to work again, should I reinstall csf or how can I find the problem?
I did not changed anything for weeks, csf updated 5...
When CSF blocks an IP, it shows all the information of where and why including the country code. I'm not sure where CSF gets the country code information but why can't you simply block by the country code instead of huge lists of CIDR's? I am able to do this in Modesecurity but I would rather block for the entire server instead of just http.
We are trying to block all incoming IPs and only allow cloudflare IPs. We've whitelisted this in csf.allow we still wanted to check if from CSF side if we can block all other traffic.
I hope you are well. I now manage numerous servers running WHM; and I have lately begun integrating config server security and firewall and login failure daemon to improve the security of these systems. While I have some familiarity with server management; I am new to the more advanced configurations and optimizations that CSF and LFD provide. I am seeking out this informed...
I have a VPS with Almalinux8, Cpanel and CSF installed and with a 600Mpbs port. I started experiencing speed issues with FTP uploads (because it limited data upload) and so to check the speeds from the server, I installed speedtest cli.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum