I looked around and just cannot seem to find where I can add a phrase or keyword so that when that phrase is detected, csf will ban the IP
I've been having an issue with osCommerce tell_a_friend.php and I can search for it and ban ip's that are accessing that file and it will be fine for a few days until the spammers switch to another ip.
So I have to constantly keep banning IP's or they just...
All configserver products are failing after WHM upgrade WHM 11.36.0 (build 2)
They are all upgraded to latest version. For example in CSF I am getting:
Can't use string ( _defheader.tmpl ) as a HASH ref while strict refs in use at /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Template/Context.pm line 809.
Hi There,
CSF seems to have lost its functionality. When I try an update it outputs
/usr/sbin/csf: line 1: ?php: No such file or directory
/usr/sbin/csf: line 2: syntax error near unexpected token `'_VALID_MOS''
/usr/sbin/csf: line 2: `if( ! defined( '_VALID_MOS' ) && ! defined( '_JEXEC' ) )'
I am assuming I need to re-install CSF, if so how do I re-install without losing the configuration...
I'm using CSF (btw, where can I see which version is it?) and I just found one of my servers has been hacked.
Looking at the /var/log/lfd.log, I see that a user which was created by the attacked ( ghost ) is using a security exploit to gain root, but I didn't get any email nor did I find the following details:
1. Which security exploit is it?
2. How can I automatically block the offending...
I have found that it a users IP gets throttled by the PORTFLOOD limit, it is logged as *Port Flood* but LFD seeing 11 of them (one more than the defined PS_LIMIT of 10) will result in LFD adding a temporary deny against the IP for *Port Scan* detected .
New csf install on CENTOS 6.3 x86_64 virtuozzo with cPanel 11.34.1 build 7. The build automatically created a symlink in /sbin/ for iptables pointing to /sbin/iptables-multi, so I added another symlink for /sbin/ip6tables linking to /sbin/iptables-multi. Resolving fine.
csf starts when IPv6 disabled. VPS supports IPv6 and I have v6 addresses that I like to use for a couple of domains
Hi,
Currently have CSF v 5.72
The firewall does not seem to be blocking IPs. I am receiving hundreds of emails saying that an IP (108.166.114.12) has been permanently blocked however there are repeated entries/emails for the same IP
When I try and search for the IP in the IP Tables the following is displayed, which is not a normal result from what i remember
We have a new server installation of openSUSE 12.2 (x86_64) and installed csf 5.73. The process ignore reporting does not seem to be working correctly. We have included lines to ignore apache including all three of the following:
I am seeing following block email from one of my VPS running csf, I need to know what exactly this mean.. (123.123.123.123 being my server IP and server5 is server name).
CSF is latest version, Geo database unzipped and stay in correct folder but it seems that CSF do not try use it. PurePerl require few perl modules (like Import, Export etc.) all of them installed by CPAN but CSF still not use database. Some testing option might be useful for such case.
hello
I've installed Direct Admin on my server and I need to install CSF on it but it's not possible
--------------------------------
Checking Perl modules...
Can't locate LWP/UserAgent.pm in @INC (@INC contains: /etc/csf /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 22) line 2.
BEGIN...
Hi all. I've been working in mitigating the attacks I'm suffering in my server and now I have a question.
Is it possible to block IP ranges (IP blocks) when lets say 4 or more IPs from that block are already banned?
Here is a small capture of the traffic on port 80 during the last attack:
om/m1oly.png ( remove the space, sorry I can't post links )
I have a dedicated cpanel server at a colo here in Virginia. We have 1 client who has employees who connect to virtual desktops on a Citrix VM. While working on their virtual desktops they cannot see any websites we host; traceroutes show them traffic stopping one hop before our server.
We switched to CSF from APF a few months ago. I have this clients Citrix ip range (an entire /24)...
My servers are setup to only allow ssh by root. These alerts work fine with actual root logins but I've also gotten a couple of alerts with no evidence of an actual ssh/root login -
lfd on server.servername.com: SSH login alert for user root from 62.212.154.143 (NL/Netherlands/www.digiinfo.nl)
When I parse /var/log/secure for this IP, there are no log entries. When I parse...
I'm trying to configure LFD to send me an e-mail only when root logs in via SSH. I have LF_SSH_EMAIL_ALERT=1 and I get e-mails on every login to SSH, which I don't really need, especially since FTP is disabled and I require all users to use SFTP so I don't need an e-mail everytime they FTP in to upload files. So I just want alerts on root login, is there any way for me to configure this?...
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum