Hi all,
This thread is to add working REGEX that we can share with the community. To add them to this sticky, you should have the regex working on your server. This thread is not intended to solve any issues related to non-working regex; the intention is to give users of CSF REGEXs that could provide CSF with more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (and also add ip_conntrack_ftp to the list of required modules):
I've read all the posts on the internet about this, but it does not work.
After upgrading to Ubuntu 20.04.2 LTS, CSF Firewall stopped working.
Paths are correct, but it still fails.
*Error* The path to iptables is either not set or incorrect for IPTABLES in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/URLGet.pm line 26.
Compilation failed in require at /usr/sbin/csf line 21.
BEGIN failed--compilation...
I have the LF_PERMBLOCK_ALERT set to OFF and have saved and reloaded CSF. Still, even after turning it off I am getting dozens of PERMBLOCK alerts in my inbox every day like the one pasted below. Am I missing some other setting that I have to change to stop CSF from sending me all of these?
We have been using CSF on cPanel quite successfully for years and over the last couple of years, we have started using them on Virtualmin/Webmin servers as well. The difference we see is that while CSF is very well optimized for cPanel with a lot of additional custom configuration like monitoring unwanted scripts, monitoring exim login attempts and blocking them if necessary, monitoring service...
My /usr/local/cpanel/logs/login_log is full of failed WHM login attempts from IP addresses in very strange countries, but it looks like the attackers know the defending mechanism against this type of attack because they stop after two failed attempts and a few hours later they try again.
I know this would be a working as designed status as my LF_CPANEL is set to 5 so it only...
Is the intended behavior that csf /lfd will only email upon the first WHM root access from the same IP within so many hours?
I'm trying to figure out why lfd only sent one email WHM/Cpanel root access alert when I logged in and out and then in again a few times to WHM. The cpanel login_log shows all three WHM logins, but lfd only emailed once and only logged the first whm login to...
In csf v14.09 when I have permanent deny rules in /etc/csf/csf.deny like the following:
tcp|in|d=1_65535|s=64.62.128.0/17 # do not delete
tcp|in|d=1_65535|s=64.71.32.0/19 # do not delete
tcp|in|d=1_65535|s=64.71.128.0/18 # do not delete
tcp|in|d=1_65535|s=64.90.32.0/19 # do not delete
tcp|in|d=1_65535|s=64.91.224.0/19 # do not delete
tcp|in|d=1_65535|s=64.225.0.0/17 # do not delete...
Hello, cpanel+cloudlinux -Getting an email from CSF about high Memcached usage -
Time: Sat Mar 18 20:02:15 2021 +0200
Account: memcached
Resource: Process Time
Exceeded: 3648865 > 1900 (seconds)
Executable: /usr/bin/memcached
Command Line: /usr/bin/memcached -u memcached -p 11211 -m 512 -c 1024 -l 127.0.0.1
PID: 12208 (Parent PID:12208)
Killed: No
After 2 days it grew to
Time: Mon Mar 20 01:00:15...
Hi
I have a recurring issue on my 2 cpanel/whm controlled vps servers CENTOS 7.9 kvm v94.0.3.
I have installed csf and lfd as per 'the book' BUT, if I leave service csf enabled the load average gradually ramps up to a huge and non-responsive value (I have seen 30 30 30!! - that took some recovery from)
However as soon as I 'systemctl stop csf' the load averages rapidly drop to their usual values...
whoops... silly error. I was placing my ignore commands under IP Blocking rather than process blocking ... completely missed the drop-down list of ignore options.