Hi all,
This thread is for adding working REGEX that we can share with the community. To add them to this sticky, you should have the regex working on your server. This thread is not intended to solve issues with non-working regex; the intention is to give CSF users REGEXs that could give CSF more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
Hello,
I am facing a big problem.
I am using csf with cpanel / whm.
Please take a look at this part of the exim_mainlog, which shows some of the 4000 dovecot failed logins over the last 5 days:
Line 118101: 2023-09-15 06:54:10 dovecot_login authenticator failed for 107.40.3.213.static.wline.lns.sme.cust.swisscom.ch :43582: 535 Incorrect authentication data (set_id=abuse@domain.com)
Line...
MaxMind will begin requiring HTTPS for GeoIP download requests in March 2024. To help customers get ready for this change, we will have a planned, temporary enforcement of this policy on October 17, 2023.
Could the devs kindly advise if CSF is interacting with MaxMind over HTTPS already?
When adding a new IP to the allow list using csf -a, the rule seems to be inserted into IPTables; however, it's not being honored. We still see blocking messages in syslog.
Rebooting is the only way I have found to clear it. Disabling faststart did not work, enable/disable did not work.
Hello all!
I have a problem with CSF. AlmaLinux 8.8 + DA. CSF shows:
You should consider disabling commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list:
Affected PHP versions:
/usr/local/php56/lib/php.ini...
If an IP starts gobbling up server resources by hitting a website multiple times, can we use CSF to rate limit them? What I mean is, to slow the resource allocation to that IP if it is hitting the server multiple times.
I currently have an Apache box with Linux CentOS7 and I also use Mod Sec.
Hello,
I was recently checking lfd.log (I am using CSF/LFD with WHM/cPanel) and it caught my eye that, although my server is constantly being targeted by potential perpetrators trying to log in by SMTP, there are no entries in the lfd.log that indicate that lfd picks up these failed attempts.
Here is a grepped part of my exim_mainlog indicating failed SMTP login attempts:
2023-09-13...
We currently have a custom blocklist and we managed to implement a web UI for requesting an unblock. But as the blocklist can only be reloaded every 3600s, the user has to wait a maximum of 3600s to get unblocked.
Is there a way to trigger a blocklist reload within CSF/LFD from SSH? That way we'll be able to instantly unblock a user.
RH Linux server
Kernel 3.10.0-1160.88.1.el7.x86_64
WHM/Cpanel 108.0.15
csf v14.17
Things had been working fine but after recent kernel update, upcp script for nightly maintenance does not run properly.
Yum updates fail.
If I drop the firewall, everything runs as it should, but when CSF is back up maintenance fails and exits.
Seems like it is blocking access to repos - MariaDB103,...
Sorry to re-open an old thread, but it's related. I added several IPs to the csf.ignore file and this seems not to work, as these IPs still get blocked by these exim syntax errors. Is there another file I need the IPs in so they are not blocked by CSF?
Thanks
Currently on up to date version V14.19
A few weeks ago I received an email stating that I'm sending requests to rather than for MaxMind database downloads and that in the coming months http is going to be removed.
I believe CSF is doing the http requests to Maxmind as I just checked and found the following:
I know this is my first post here; however, I must do it since there is no support for CSF on Help Desk. Long story short, I have a few ARM64 servers with AlmaLinux, Alibaba Cloud Linux, Ubuntu 22, and CSF and LFD do not function properly. For instance, the CSF service on all of them:
I'm inquiring about the possibility of utilizing CSF to block all bots while allowing an exception for Google bots. Google has kindly provided us with a list of whitelisted IPs at the following links:
Googlebot IPs:
Special Crawlers IPs:
User-Triggered Fetchers IPs:
Google IPs:
I've attempted to research this on various forums but haven't been able to find a solution. Most...