I have a very strange problem with CSF running on a VPS with cPanel.
This started to happen at a random moment.
When trying to access any site hosted on that VPS, the title of the page loads and so do some of the first bytes. Sometimes the header of the webpage is shown, sometimes not. The browser shows as the page is loading, but nothing more happens.
I want to block any offender that generates that kind of message in syslog:
Mar 30 20:20:43 ns drupal: SOMESITEURL|1396203643|BOTCHA|110.82.153.175|SOMESITEURL/contact|SOMESITEURL/contact|0||contact-mail-page post blocked by BOTCHA: submission looks like from a spambot.
(SOMESITEURL = what is says, because this forum is absolutely paranoid, not allowing an URL to appear in posts)
My server was hit with brute force pop3 logins from one IP continually for about 17 hours until I blocked it. The server maillog registered 41,161 entries for the IP for these hours.
I don't know why this was not blocked automatically by the server but this is the settings for blocking brute force pop3:
I recently installed CSF on my VPS and found out that the IP deny doesn't work.
I wanted to try and see if the IP deny works, so I blocked one my of the IP addresses. When I tried accessing the site from the the blocked IP address, I can still access the site.
I installed at 22:04 and by 22:57 I have 11 (now 13 by 23:02) restarts - and this is my second server, the first one is also constantly doing this. I thought it was an issue on the old (ancient) server, but this one is new today.
Then I thought it was a warning of brute force attacks, but I don't think it is, the program itself seems to be constantly crashing and restarting. 11 times in 53...
For some odd reason CSF is blocking Softether VPN from working.
Essentially I keep csf enabled but flush all the firewall rules. I then connect via VPN(L2TP) and connect successfully (ip is assigned) however the internet will not work. If i disable CSF the VPN works fine with internet passing through and everything. Again: When i have CSF enabled I am allowing all ports in and out (for testing...
I have only been using csf for a week or so now and I keep getting emails every couple hours saying
Server:
Primary IP:
Service: lfd
Notification Type: failed
Notification: lfd failed @ Sat Mar 29 18:07:43 2014. A restart was attempted automagically.
Service Check Method:
Number of Restart Attempts: 1
Syslog Messages:
Mar 29 14:05:01 alpha lfd : SYSLOG check
Mar 29 14:00:00 alpha...
On VPS Centos 6 64 we have installed firewall, when a client was to import example something on Wordpress or upload on website something or even install script he gets timeout and erros. When the firewall gets disabled all working perfectly! Any advice?
I am trying to find a way to control the sending of distributed attack emails notifications only. I can't seem to find a way to do this. The reason is there are so many of these notifications, upwards of a thousand a day, for smtp and ftp.
Is there a way to manage specific lfd email notifications?
Hi an issue has started happening on my centos 6.4 x64 kvm vps only in the last 24 hours where all ports are being blocked so there is no access to the vps. The only access that works is via vnc in the Solusvm control panel. If i restart csf the problem clears for up to 20 mins sometimes but then it blocks ports again. checking the logs at the times of when the problem occurs im seeing this entry...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum