I cant send Email in Roundcube webmail, when click to send I have this error: SMTP error (504): authentication failed
I use CSF firewall and mail port is open. SMTP_ALLOWLOCAL is on, SMTP_BLOCK in on/off not defference, (I disable CSF but i have same error. Even if I remove CSF completely, the same error still exists.)
I use Cloadflare on my whm hostname and my main domain, but cloudflare...
In the new year, i'll potentially be migrating to a new server.
Is there a backup/restore feature in CSF so I can migrate my config over.
Or a cfg file buried away somewhere ?
I have 2 computers on my local network. Several times now, one of the computers is unable to access several of the sites on my server, but the other can access them just fine! I confirmed that both have the same IP address, no VPN or anything.
If I disable CSF, both computers can access the sites with no problem.
I have a VPS with Almalinux8, Cpanel and CSF installed and with a 600Mpbs port. I started experiencing speed issues with FTP uploads (because it limited data upload) and so to check the speeds from the server, I installed speedtest cli.
I've pounded on this for quite some time now with the two following custom rules. Log locations set in the conf file, but nothing working. Please make recommendations if you run across this post.
The built in IMAP rules in CSF do not work on my server. Never have. Non standard Debian/Postfix/Dovecot setup to blame I suppose.
Trying to prevent the following. Below are errors, followed by regex...
I'm trying to migrate a WHM/CPanel server from Centos 7 to Alma Linux 8. In Alma Linux, Host Access control does not allow the same configuration as Centos.
In Centos host access control you can select the Daemon, the IP(s), and Allow or Deny. So for example in my Centos config I allow my IP to access SSHD and then I set the next rule to deny all other IPs to that same Daemon.
I'm using Cloudflare, and dealing with attacks that LOOK like they're coming from Amazon / Cloudflare IPs. At 3:06pm today my server load went from 0.68 to 150 inside of 1 second :-O
When Cloudflare sends the IP, it shows up as X-Forwarded-For. I use Apache's mod_remoteip to change that to REMOTE_ADDR in Apache config, using:
I've been getting a ton of suspicious process alerts lately about a Perl script that hasn't been modified since 2020. So I'm pretty sure these are false alerts.
I'm using csf 14.20 on an Ubuntu Jammy system behind a 1GB FIOS connection. With csf/lfd running, I get throughput of about 30M/s, which increases to about 800M/s with csf/lfd disabled. I'm using a fairly generic csf.conf (shown below) and have tried to improve performance by reducing DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT to 100, but obviously it's still subpar. Any suggestions for how to narrow...
For a server I manage, I explicitly want to receive notification emails of successful ssh logins. I've enabled this, and allow-listed my own fixed IP address.
My customer can login to one account using ssh, but doesn't have a fixed ip. Is there a way to allow-list the public ssh key he's using?
An example of such notification would be:
Nov 28 13:05:51 srv sshd : Accepted publickey for...
Currently, I get a ton of emails like this:
lfd on : Suspicious File Alert
Time: Mon Nov 27 10:17:20 2023 +0100
File: /tmp/xxxxxxxx.o
Reason: Linux Binary
Owner: varnish:varnish (xxx:xxx)
Action: No action taken
These files are created by Varnish when it compiles the VCL for reloading.
However, I already whitelisted the varnish user from /etc/csf/csf.fignore like this:
user:varnish...
Hi,
I have already looked around this form , but did not come to a positive conclusion in the end.
I have been working for years with csf (and now also with cxs ). Now I am getting 'weird' messages on /opt/cpanel/ea php81/root/usr/sbin/php-fpm. Especially since multiple files are being opened/transferred.
I have investigated the ip's and they are from cloudflare and google (even 1 from...
Recently I disabled WP-CRON for wordpress and started using CPANEL with WGET to replace it. I've started getting emails lfd on XXXXX: Suspicious process running under user . I found some instructions on where to go to tell CSF to ignore these in the /etc/csf/csf.pignore edit, but I'm unclear exactly how to do this. Here is what the LFD emails are showing:
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum