I have several VPS's and even a dedicated server all working fine with CSF. Some with Webmin, some with DA.
I have one VPS though without CSF. In the past I installed CSF on it but it was'nt working. After working with CSF for some time now I decided to try again.
Unfortunately after disabling testing mode the VPS frooze (locked up). With the help of the service desk I regained control again...
We have just received a brand new server from singlehop, and when attempting to install CSF etc, we apparently are blocked by the configserver's actual firewall. Our IP range includes 198.20.70.XXX
I have had to edit my evidence below due to:
You are not currently authorized to post url links, please remove or rename:
traceroute to configserver.XXX (85.13.195.235), 30 hops max, 60 byte...
After we upgraded to 6.47 we no longer get email alerts for permblocks and the comments after the IP address in csf.deny are missing now (seel below). We do however still get alerts for temp blocks. Anyone else having this problem?
92.87.5.14 # lfd: (PERMBLOCK) 92.87.5.14 (RO/Romania/-) has had more than 4 temp blocks in the last 86400 secs - Tue Jan 14 11:08:32 2014
200.77.249.162 # lfd:...
The IP's have been changed to dummy IP's but what I have going on is the following.
I have a cpanel server 10.10.10.10 and a web site builder server at 9.9.9.9. The site builder software compiles the web site on 9.9.9.9 and then FTP's it to 10.10.10.10. I have explicitly allowed 9.9.9.9 via csf -a 9.9.9.9 on the cpanel server. However I noticed when publishing some of the ftp activity works but...
It seems every time CSF upgrades to the latest version csfpre .sh is not run after the upgrade when csf restarts.
I have some extra rules and have to manually restart the firewall after an upgrade to re-enable these rules. This happens on 2 systems with Centos 5.10 (+ cPanel VPS) & Centos 6.5 (+ cPanel DNS only).
Hello.
I am being hammered from anonymous TOR ips.
I have enabled the TOR blocklist and it's working.
I can read at lfd.log Retrieved and blocking blocklist TOR IP address ranges
But I am still being hammered with SQLInyections from that IPs.
When I inspect the iptables rules, I see that the TOR chain is incomplete, with 1961 entries. While at the torproject website the list is of arround 2200...
First of all i would to say thanks to CSF and it's entire team for making an outstanding firewall utility and that too for free!
I would like you to make Reset default settings for CSF & it's other tool, if anything goes wrong after making changes to csf firewall settings we can simply use Reset Default Settings
It would be good if you can implement this feature ASAP.
#RBN|86400|0|
I went through the EmergingThreats website and found these links which may be of interest:
Detail: - lists a number of links to text files which contain ips.
- last update seems to be February 2012 so not sure how accurate this list would be over two years on. There's no date in the list itself so I don't know if the list is...
I am using Filezilla to upload files to my server, I start to upload them and it works fine, then I get blocked by the firewall meaning I can't access anything until the block times out.
Can you tell me how I adjust these settings so that it does not keep blocking me please?
This is my first time using CSF as my firewall for my VPS, I have it working now because certain ports were closed when i enable CSF, but i would like to know as to what logfile should i look if i wanted to see CSF blocked ips or what log file should i tail to see it working? I have it installed on a debian system. Thanks!
i have a crontab script that runs every two minutes scanning logfiles for brute-force wordpress login attempts. if i find more than 40 in a one minute period, my script issues the following command something like:
csf --deny 111.222.333.444 ;
this seems to do the same thing as the Quick Deny button.
is there a command line equivalent of the Quick Ignore button? i am thinking this...
My vps keeps down for the past 3 consecutive days and I had to reboot to bring the server back. After talking to my vps provider, they told me that there's nothing wrong on their end. So I did a little investigation on my end.
I have looked at my /var/log/messages, and found out that
Mar 30 05:00:09 servername lfd : SYSLOG check
...
Mar 31 05:00:08 servername lfd : SYSLOG check
after logging...
I have a very strange problem with CSF running on a VPS with cPanel.
This started to happen at a random moment.
When trying to access any site hosted on that VPS, the title of the page loads and so do some of the first bytes. Sometimes the header of the webpage is shown, sometimes not. The browser shows as the page is loading, but nothing more happens.
I want to block any offender that generates that kind of message in syslog:
Mar 30 20:20:43 ns drupal: SOMESITEURL|1396203643|BOTCHA|110.82.153.175|SOMESITEURL/contact|SOMESITEURL/contact|0||contact-mail-page post blocked by BOTCHA: submission looks like from a spambot.
(SOMESITEURL = what is says, because this forum is absolutely paranoid, not allowing an URL to appear in posts)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum