Hi all,
this thread is to add working REGEX that we can share with the community. To add them to this sticky, you should have the regex working in your server, this thread is not intended to solve any issues related with no working regex, the intention is to give users of CSF REGEXs that could make CSF with more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
I've recently setup the emails for csf/lfd and I started getting tons of emails coming through, but most of them appear to be false positives.
I've added the following rules to csf.pignore but they don't appear to be working as the emails for the very same reasons are still coming through even after restarting both CSF and even the entire server....
Hi - we're needing some assistance to get these type of attacks blocked automatically with a custom regex- say 10 login attempts in 12 hours to mitigate slow logins and permanently banned and added to block list where we can remove them if needed in case of customer false attempts. We've tried a few things including fail2ban although it would be great if LFD can scan the logs and ban them...
I have a VPS with Almalinux8, Cpanel and CSF installed and with a 600Mpbs port. I started experiencing speed issues with FTP uploads (because it limited data upload) and so to check the speeds from the server, I installed speedtest cli.
I've seen some posts about using BLOCK_REPORT to customize when an IP is blocked. I'm looking for something that will allow me to execute a custom script whenever CSF identifies accounts exceeding processes, mem, time limits. I want to be able to kill certain accounts (based on their web hosting plan) via a custom script that will allow me to do further reporting/stats at the same time.
There are a lot of questions on this forum regarding this, and I have read most of them. As is usually the case, I am receiving a huge amount of notifications from CSF, from a cron.php that the user of this server has placed and wants to run every 5 minutes. This process is legit, and we want to keep it running. The output is this:
I'm facing a strange issue where CSF is not blocking nor allowing IPs in Almalinux/CL 9.
If I add a temporarly allow like this, it creates an IPTABLES entry and it doesn't work (port 22 is not in TCP_OUT):
# csf -ta 12.34.12.34
ACCEPT all opt -- in !lo out * 12.34.12.34 -> 0.0.0.0/0
ACCEPT all opt -- in * out...
Hello,
After upgrading from Ubuntu 22.04 to 24.04, and while CSF+ProFTP server was working fine, now it doesn't allow to retrieve directory listing.
Any suggestions ?
Once an hour the load on one of our servers spikes big time. Normal load is barely above zero, but it spikes to loads over 100.0 for a minute or two then comes back down to normal.
When it spikes I always see these: processes, with the first one causing the load:
lfd - retrieving global lists
lfd - retrieving blocklists (waiting for list lock)
lfd - retrieving countrycode lists (waiting for...
Hello ,
I created a custom modsec rule that returns a 403 status code if there is a sql injection attempt, i want csf to block the ip that is triggering this rule by monitoring the log that modsec is logging in it , but it isnt blocking it at all
the log came up as either
/usr/local/apache/error_log or
/var/log/apache2/error_log
so in csf.conf i specified the MODSEC_LOG to be...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum