Hi all,
this thread is to add working REGEX that we can share with the community. To add them to this sticky, you should have the regex working in your server, this thread is not intended to solve any issues related with no working regex, the intention is to give users of CSF REGEXs that could make CSF with more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (plus to add ip_conntrack_ftp to the list of required modules):
Hi, bit new to using ConfigServer and wondered how I can change the sensitivity of the IMAP filters to allow for more failed IMAP login attempts or change the time period.
We are getting quite a few genuine logs attempts but they are failing after 10 attempts.
Is there some setting that after a certain time period can automatically Unblock the failed IP address trying to login to IMAP.
So the...
hello I receive always ldf email alerts tons of.... 500 alerts and mor at day
i've tried many solutions PT_user =0 , disabling email alerts on csf.conf
put some process in csf.pignore
tried all solutions founded on the web but nothing works
always tons of email with alerts from lfd
i have plesk and linux so not a gui not cpanel but all commands via ssh
I cannot filter email to not send via plesk...
| SYSTEM INFORMATION||
|------------------------------|-------------------------------|
|OS type and version|AlmaLinux 9.5|
|---|---|
|Webmin version|2.202|
I will likely post this also at the Webmin forums, but just in case it's relevant here, I saw a number of errors and if CSF supply the Webmin install template, a small layout issue after following the...
I have been trying to configure CSF and Docker under a Plesk server. There are many posts in forums reporting that when Docker creates a NAT redirect to certain port, that port is exposed to the entire world.
I tried to use this csfpost tool but apparently It hasn´t worked.
In some way, installing netfilters tool for saving iptables rules I have managed to store a set of iptables rules...
In searching here I was unable to see whether CSF is compatible with nftables. I only found info on iptables-nft.
My application is cPanel servers running Almalinux, on which firewalld is installed and running on nftables. My question is simply will CSF drop in to that system and run fine? (I would assume yes, that nftables is fully supported, and that no tweaks are needed. But I didn't find the...
Can someone provide a regex that handles this line in /var/log/secure? I tried a couple of things, and don't seem to get it, even trying to copy and adapt one that's already there. Here's the line:
Nov 11 13:00:01 boston systemd : pam_unix(systemd-user:session): session opened for user root(uid=0) by root(uid=0)
I have blocked the IP address 128.245.64.22 in CSF:
Table Chain num pkts bytes target prot opt in out source destination
No matches found for 128.245.64.22 in iptables
IPSET: Set:chain_DENY Match: 128.245.64.22 Setting: File:/etc/csf/csf.deny
Permanent Blocks (csf.deny): 128.245.0.0/16 # do not delete
Hi,
LF_APACHE_404 not working on cPanel with litespeed.
HTACCESS_LOG is setup with /var/log/apache2/error_log but not working
I've inserted custom regex but no work.
Can you help me to build custom 404 regex on cPanel litespeed?
I have an issue because every day I receive from lfd information about overload my server and logs shows me many connections from Microsoft adress IP. Manual block IP isn’t good because every day is another IP. In Csf I have set two parameters: CONNLIMIT 80;50,443;50 i PORTFLOOD 80;tcp;100;60,443;tcp;100;6 but it doesn’t work. Could you give me any suggest how to resolve this an issue?
I've recently setup the emails for csf/lfd and I started getting tons of emails coming through, but most of them appear to be false positives.
I've added the following rules to csf.pignore but they don't appear to be working as the emails for the very same reasons are still coming through even after restarting both CSF and even the entire server....
We are running new cPanel install on AlmaLinux via Lightsail Instance.
Configuration:
Access to WHM and cPanel is limited to single static IP
SSH port remains as 22
SSH root login disabled
The following services are enabled and working:
MySQL is bound to 127.0.0.1
2-factor authentication for WHM
Security Advisor: all in ‘green’
ImunifyAV: No malware found in scans...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum