I am trying to ignore entries in my /usr/local/cpanel/logs/error_log, where my hosting company does not allow use of the cPanel Store directly. The hosting company also resells the cPanel add-on products.
My server environment is:
OS: CentOS v7.9.2009 STANDARD virtuozzo
cPanel Version: 110.0.9
The special need is that the error_log entry begins with a date/time, and then there are subsequent...
Have been using CSF for many years. But now started seeing a very strange behaviour in Debian 11. Even after doing csf --disable, I still see blocks happening. I verified CSF is stopped and there are no rules in iptables.
# iptables -L -n -v
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 67390 packets, 53M bytes)
pkts bytes target prot opt...
Following investigation there is a change in Perl 5.38 which breaks LFD.
As soon as one of the log files causes an error (e.g. is simply not present), all future log file reads on any file will fail until the error is cleared.
I solved this by adding a clearerr call before each log read, which is in the LFD file and the function getlogfile (around line 2195 for the function start).
One would think this would be easy but apparently its not...or its not possible.
I need to block ALL IPs from a specific domain, the problem is the domain has hundreds of IP CIDRs and its virtually impossible to block them all from standard IP deny lists - as well, about every 2 to 3 months, they seem to add on new ones. My server is taking on more and more vulnerability scans from this domain -...
Dear friends,
I have a VPS Ubuntu, I changed the default port ssh from 22 to 2222. I want to know, after I changed the default port ssh, Does CSF block the access if they were failed to login?
Hello! maybe someone can help me, tried googling but found nothing, I have CSF working perfectly fine but every now and then I have to access my server thru the VNC client from Virtualizor, the problem is that when I open the terminal this is flooded by CSF output (which I already disabled from the logs) making it useless, and afaik this shouldn't be happening, anyone knows how to fix this?
Any...
We have several servers with CloudLinux 7, cPanel and LiteSpeed with these entries in csf.conf:
CPANEL_LOG = /usr/local/cpanel/logs/login_log
CPANEL_ACCESSLOG = /usr/local/cpanel/logs/access_log
On several other servers with the same configuration, however, these entries are not present. We do not define these entries with automation tools, and cPanel has no idea from where these...
For some reason CSF firewall is blocking me and anyone else on Verizon mobile but yet if I go through a VPN I can get to CWP. But while on Verizon mobile I cannot reach any of my websites or my CWP panel but if I turn the firewall off I get in just fine. I have cleared all the blocked IPs I have added every one of my IP addresses to the allow always allow I should say and I still cannot get there...
We have multiple servers with cPanel using CSF/BFD Firewall and have noted that, comparing that with CWP7Pro, there is an important difference between the LFD email blocking reports which is affecting the troubleshooting.
Let me explain that better:
In cPanel we get this kind of LFD blocking emails:
Subject: lfd on server02.1ahost.com: blocked 185.28.39.67...
We are using csf on many of our servers, however, on one of our servers the Messenger service doesn't seem to work.
The server has cPanel and LiteSpeed. It also has BitNinja installed, but the problem happens even if we have the BitNinja service disabled.
Here is what we tried:
Switching to Messenger v1, v2 & v3
Uninstalled and reinstalled csf
Copied the csf configuration file from...
I've just update a VM to debian 12 and LFD keeps saying that syslog in not running. I've checked syslog and the code is there. It seems it doesn't read log files at all. I don't receive login notifications or anything related to lfd reading log files.
I've activated the debug mode in csf.conf but it just says that it is parsing the different log files but always with 0 lines read.
I was wondering if there's a way to configure CSF not to block IPs of failed login attempts to IMAP that aren't providing a username. I find that the majority if not all of this type of blocks happen to people with wrong settings configured (e.g: secure port with no encryption selected).
Before last week after a kernel upgrade I could do a speed test and get 40mbs ... Now something has changed and it's come to a crawl when i try moving files. Disabling CSF/LFD and/or using csf -f fixes it immediately. Yes.. yes.. the rules are all stock and I reinstalled. No joy.
Something like this test below should be about 17 seconds... But if I don't flush the firewall? It now chugs and...
Good morning, I manage a couple of whm servers on centos 7 with imunify360 and csf, within the last couple of days the servers have become really unstable. To the best of my ability it seems like I have isolated the cause to be is LFD causing the servers to run out of memory and the way was able to prove it is the following.
A couple of days ago I was receiving e-mails from one of my servers...
It looks like my CSF configuration is on a trajectory to permanently block the entire internet.
All of these blocks have been triggered because of LF_DISTATTACK.
All of the blocks so far are from SMTPAUTH failures.
In the past 4.5 days CSF/LFD has blocked 836 LF_DISTATTACKs and entered them into csf.deny.
99+% of the blocks are with a SetID=floyd or SetID=floyd@mydomain.com.
Simple question, Can I use scripts on Debian 11, iRedmail 1.6.3 thinking, iRedmail now works with NGINX and PostgreSQL / MariaDB to manage my mail server on iRedmail?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum