ConfigServer Community Forum

hey, i see a post of someone his cron got a block and crawler bots as well.

I notice sometimes google bot got a block with more other ones... what we can do about that?

I look on csf.ringore
but I didn't understand.
is not get IPs

so what i actually need to do if the crawler have like that:
crawl-66-249-64-130.googlebot.com

and if i need to comment out all of this:
# For example, the...

Hi.

I've read all post in internet about this. But not work.

After upgrade to Ubuntu 20.04.2 LTS CSF Firewall stop working.

Paths are correct, but still fails.

*Error* The path to iptables is either not set or incorrect for IPTABLES in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/URLGet.pm line 26.
Compilation failed in require at /usr/sbin/csf line 21.
BEGIN failed--compilation...

Hi
When I receive an LFD email the subject is something like

SSH login alert for user root from xxx.xxx.xxx.xxx (FR/France/user.domain.com)

But that server connecting is NOT in France. It is in Canada. And when I check the IP is clearly publicly in Canada.

Which service determines this information? Where does FR/France come from?

Thanks!

I have the LF_PERMBLOCK_ALERT set to OFF and have saved and reloaded CSF. Still, even after turning it off I am getting dozens of PERMBLOCK alerts in my inbox every day like the one pasted below. Am I missing some other setting that I have to change to stop CSF from sending me all of these?

Time: Thu Apr 1 02:45:29 2021 -0400
IP: 186.206.129.189 (BR/Brazil/bace81bd.virtua.com.br)
Failures: 5...

We have been using CSF on cPanel quite successfully for years and over the last couple of years, we have started using them on Virtualmin/Webmin servers as well. The difference we see is that while CSF is very well optimized for cPanel with lot of additional custom configuration like monitoring unwanted scripts, monitoring exim login attempts and blocking them if necessary, monitoring service...

Hello,

my /usr/local/cpanel/logs/login_log is full of failed whm login attempts from ip addresses in verry strange countrys but it looks like the attackers know the defending mechanism against this type of attack because they stop after two failed attempts and a few hours hours later they try again.

I know this would be a working as designed status as my LF_CPANEL is set to 5 so it only...

Is the intended behavior that csf /lfd will only email upon the first WHM root access from the same IP within so many hours?

I'm trying to figure out why lfd only sent one email WHM/Cpanel root access alert when I logged in and out and then in again a few times to WHM. The cpanel login_log shows all three WHM logins, but lfd only emailed once and only logged the first whm login to...

In csf v14.09 when I have permanent deny rules in /etc/csf/csf.deny like the following:

tcp|in|d=1_65535|s=64.62.128.0/17 # do not delete
tcp|in|d=1_65535|s=64.71.32.0/19 # do not delete
tcp|in|d=1_65535|s=64.71.128.0/18 # do not delete
tcp|in|d=1_65535|s=64.90.32.0/19 # do not delete
tcp|in|d=1_65535|s=64.91.224.0/19 # do not delete
tcp|in|d=1_65535|s=64.225.0.0/17 # do not delete...

Hello, i facing a little issue, everything work fine.
but when I run a Test on the iptables i get missing modules:

Testing iptables...

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing...

Hello, cpanel+cloudlinux -Getting an email from CSF about high Memcached usage -
Time: Sat Mar 18 20:02:15 2021 +0200
Account: memcached
Resource: Process Time
Exceeded: 3648865 > 1900 (seconds)
Executable: /usr/bin/memcached
Command Line: /usr/bin/memcached -u memcached -p 11211 -m 512 -c 1024 -l 127.0.0.1
PID: 12208 (Parent PID:12208)
Killed: No
after 2 days it grow to
Time: Mon Mar 20 01:00:15...

I've run into this before at I swear sometimes the set loads, sometimes it doesn't. I feels like it happens more often when I add a new blocklist.

Here's my config:

CLEANTALK|3600|0|

FIREHOL1|3600|0|

FIREHOL2|3600|0|

FIREHOL3|3600|0| /blocklist-ipsets/master/firehol_level3.netset

FIREHOLABUSE1D|3600|0|

But as you can see from the log, CSF loads all the blocklists in the config...

Hi
I have a recurring issue on my 2 cpanel/whm controlled vps servers CENTOS 7.9 kvm v94.0.3 .
I have installed csf and lfd as per 'the book' BUT, if I leave service csf enabled the load average gradually ramps up to a huge and non resposive value (I have seen 30 30 30!! - that took some recovery from)
However as soon as I 'systemctl stop csf' the load averages rapidly drop to their usual values...

We would to allow IPs from a FQDN with multiple A records, for example out.adyen.com, which resolves 20 different IPs.

Will this work? Is there a specific way to configure this?

Thanks in advance.

whoops... silly error. I was placing my ignore commands under IP Blocking rather than process blocking ... completely missed the drop-down list of ignore options.

Hello

I would like to activate the access limit for each IP, for example, to allow 5 requests per second for one IP

how can I do that ?

Inquiry

Is CSF useful in protecting against Layer 3 and 4 attacks?