Hi,
I'm getting a lot of lfd on server: Suspicious File Alert, generated by Breakdance page builder for WordPress.
Looks like this:
File: /tmp/systemd-private-3d4985084fd3401ca76423f2a737ddb8-ea-php81-php-fpm.service-PysP3o/tmp/breakdance-746d3b64/twig-auto-generated-cache/69/6935f4b89776a7d6e242d5319b554acd.php
The file is always different.
My server uses for instance 1.1.1.1 and I want to redirect port 60000 (1.1.1.1:60000) to another server's 2.2.2.2:3392 TCP port.
For this I put the following in csf.redirect:
1.1.1.1|60000|2.2.2.2|3392|tcp
My problem is that this opens TCP port 60000 from anywhere. It doesn't matter what is in csf.conf TCP-IN section (60000 isn't in it, but if I put !60000 it locks it for everyone,...
Since our servers upgraded to Alma Linux 8.9, each time the servers reboot, CSF does not operate as normal until after it's restarted via WHM.
On one server that uses PHPMailer and Office 365 SMTP, any emails that are sent by the cPanel account will fail due to network is unreachable and in the /var/log/messages it shows outgoing connection attempts to port 587 being blocked. This is happening...
Temporary blocks that triggered the permanent block:
Tue Jan 16 21:27:06 2024 (smtpauth) Failed SMTP AUTH login from 185.196.9.119 (CH/Switzerland/-): 1 in the last 3600 secs...
I can't send email in Roundcube webmail; when I click to send I have this error: SMTP error (504): authentication failed
I use CSF firewall and mail port is open. SMTP_ALLOWLOCAL is on, SMTP_BLOCK on or off makes no difference. (I disable CSF but I have the same error. Even if I remove CSF completely, the same error still exists.)
I use Cloudflare on my WHM hostname and my main domain, but Cloudflare...
In the new year, I'll potentially be migrating to a new server.
Is there a backup/restore feature in CSF so I can migrate my config over?
Or a cfg file buried away somewhere?
I have 2 computers on my local network. Several times now, one of the computers is unable to access several of the sites on my server, but the other can access them just fine! I confirmed that both have the same IP address, no VPN or anything.
If I disable CSF, both computers can access the sites with no problem.
I have a VPS with AlmaLinux 8, cPanel and CSF installed and with a 600Mbps port. I started experiencing speed issues with FTP uploads (because it limited data upload) and so to check the speeds from the server, I installed speedtest cli.
I've pounded on this for quite some time now with the two following custom rules. Log locations set in the conf file, but nothing working. Please make recommendations if you run across this post.
The built-in IMAP rules in CSF do not work on my server. Never have. Non-standard Debian/Postfix/Dovecot setup to blame I suppose.
Trying to prevent the following. Below are errors, followed by regex...
I'm trying to migrate a WHM/cPanel server from CentOS 7 to Alma Linux 8. In Alma Linux, Host Access Control does not allow the same configuration as CentOS.
In CentOS Host Access Control you can select the Daemon, the IP(s), and Allow or Deny. So for example in my CentOS config I allow my IP to access SSHD and then I set the next rule to deny all other IPs to that same Daemon.
I'm using Cloudflare, and dealing with attacks that LOOK like they're coming from Amazon / Cloudflare IPs. At 3:06pm today my server load went from 0.68 to 150 inside of 1 second :-O
When Cloudflare sends the IP, it shows up as X-Forwarded-For. I use Apache's mod_remoteip to change that to REMOTE_ADDR in Apache config, using:
I've been getting a ton of suspicious process alerts lately about a Perl script that hasn't been modified since 2020. So I'm pretty sure these are false alerts.
I'm using csf 14.20 on an Ubuntu Jammy system behind a 1GB FIOS connection. With csf/lfd running, I get throughput of about 30M/s, which increases to about 800M/s with csf/lfd disabled. I'm using a fairly generic csf.conf (shown below) and have tried to improve performance by reducing DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT to 100, but obviously it's still subpar. Any suggestions for how to narrow...
For a server I manage, I explicitly want to receive notification emails of successful ssh logins. I've enabled this, and allow-listed my own fixed IP address.
My customer can log in to one account using ssh, but doesn't have a fixed IP. Is there a way to allow-list the public ssh key he's using?
An example of such notification would be:
Nov 28 13:05:51 srv sshd : Accepted publickey for...