Hi all,
this thread is for adding working REGEXes that we can share with the community. To add them to this sticky, you should have the regex working on your server; this thread is not intended to solve any issues related to non-working regexes. The intention is to give CSF users REGEXes that could give CSF more security options.
If you want to collaborate, please add your rule to this thread...
If you have one particular IP address that is either dropped or accepted through the firewall that you think should not be, then you can use the new WATCH_MODE in csf.
Before enabling this option and using the CLI command to watch an IP address, check whether it is explicitly listed first using:
csf --grep 11.22.33.44
Where 11.22.33.44 is the IP address you're tracking. If that comes back...
If you get iptables errors when trying to start csf on a VPS then you most likely have missing iptables modules for your VPS.
If your hosting provider wants to know how to configure iptables correctly on a VPS server, then you should point them to this Parallels FAQ and have them follow it (and also add ip_conntrack_ftp to the list of required modules):
We are running a new cPanel install on AlmaLinux via a Lightsail instance.
Configuration:
Access to WHM and cPanel is limited to single static IP
SSH port remains as 22
SSH root login disabled
The following services are enabled and working:
MySQL is bound to 127.0.0.1
2-factor authentication for WHM
Security Advisor: all in ‘green’
ImunifyAV: No malware found in scans...
Hi all,
Where does csf keep the list of blocked emails that are associated with an IP address?
I remember on one of my previous csf installations I had the ability to see blocked emails and from which IP addresses these emails tried to connect, but now I can't find it on this new server.
I have installed CSF firewall on CentOS Stream 9 on my VPS server successfully without errors.
However, after I set some IP ranges in this file:
$ vi /etc/csf/csf.allow
like:
###############################################################################
# Copyright 2006-2018, Way to the Web Limited
# URL:
# Email: sales@waytotheweb.com...
We received this notice from Maxmind and would like to know how it affects us using CSF?
As of Wednesday, May 1, 2024, we will use R2 presigned URLs for all database downloads in order to increase the security and reliability of our services.
This is a potential breaking change. Please ensure that your servers can make HTTPS connections to the following hostname:...
Hello, I am a new CSF user. I am using AlmaLinux 8.9 and cPanel. I have successfully installed CSF. But I couldn't achieve my main goal.
I want to block all requests coming directly to my server's IP address. But I want to allow 3-4 IP addresses.
I allowed my own IP addresses in the CSF interface. And I entered 0.0.0.0.0/0 in the Deny field to block all other traffic. But this time the traffic...
Seems this month Maxmind is enforcing its API rate limits
Please note: Beginning in March 2024, MaxMind will begin enforcing its policies around API requests and endpoints. We will require use of the HTTPS protocol for all database download requests, and will require requests to use the proper hostname as listed below, and on our Developer Portal.
Hello!
Recently I've been facing a problem on multiple servers: when you add an IP to csf.allow in the UI, it'll be added to the chain normally until you restart csf and lfd.
After the restart, most of the IPs in csf.allow won't be on the allow chain; if I remove them and add them again, they'll be added until the next restart.
The search option identifies the IP in csf.allow but won't find it on the allow...
Hi,
I have set up CSF on our server but we're facing some trouble with too many IPs being blacklisted.
Many IPs that our clients access their e-mail from (dynamic IP ranges) are getting listed in Spamhaus, and thus CSF is blocking their connection to the server. I've checked the csf.blocklists file but every RBL entry there is commented, so it shouldn't be affecting this, right? Anyway, I tried...
We currently have a custom blocklist and we managed to implement a web UI for requesting an unblock. But as the blocklist can only be reloaded every 3600s, the user has to wait a maximum time of 3600s to get unblocked.
Is there a way to trigger a blocklist reload within CSF/LFD from SSH? This way we'll be able to instantly unblock a user.
I use the CC_ALLOW option to add a couple of countries I want to whitelist, but the problem is I'm still getting those countries' IPs blocked (in the temporary block list).
After upgrading to Rocky Linux and the latest cPanel install, they won't allow Host Access Control anymore. So, I am trying to block all SSH connections except the allowed IPs in hosts.allow:
=============================
ALL : 1.1.1.1 : allow
sshd : 1.2.3.4 : allow
sshd : ALL : deny
=============================
What rule in the CSF can be defined to achieve the above SSH to block all incoming...
I am a victim of (D)DoS attacks for at least 2 years now from a very persistent attacker. The attacks are coming from spoofed IPs and the attacks are so low that it isn't distinguishable from normal traffic according to my provider (Hetzner).
CSF is able to detect them and block it according to the logs from what I can see in the /var/log/syslog file as the attacking IPs are there. Yet CSF is not...
On March 22, I discovered that SOME emails to users on my server were being returned to senders. Some were definitely coming through, but some weren't. I ended up having to disable CSF, at which time hundreds of emails started to come in.
This problem didn't happen on March 21, so it was a new issue after I hadn't changed anything. So it had to be something automated.