Just in the last 5 days or so I started to see our server IP addresses showing as listed in RBLs (notably spamhaus.org lists).
This was weird because it was showing IPs that we are not actually using (sitting idle) as listed also.
So I manually tested all the IPs at spamhaus.org and they are all clean.
I also started to get customers telling me that email to them has been rejected and returned...
Please help me understand.
For some reason CSF is blocking SNMP communication between my Monitoring system and the router. I have both IP addresses listed in csf.allow with nothing else on the line. Should that not allow full communication between the two? All other services are working fine.
Thanks.
Ahhhh. It would seem I was misunderstanding CC_ALLOW_FILTER, thinking it was essentially blocking all, but allowing in my case US. It seems that is not the case.
Let me please ask this follow-up. Rather than me blocking quite a few CC codes specifically, since I understand that would create immense IP tables, is there any way to say block all except (in my case US)? Some folks may question this...
Hi there,
I have been struggling with finding out a reason, as to why on certain terminals on my office LAN which are using a Public Static IP address - I am unable to receive email from my Email server hosted on OS
CentOS v7.9.2009 STANDARD vmware
cPanel Version
106.0.9
I even tried to add it to the csf.allow file, so as to skip its check and avoid blocking it, BUT I haven't succeeded.
Now my server is configured to permanently ban that IP after it has been temporarily banned 4 times. But I don't know the option which I can configure to auto remove/unban/release a permanent IP in csf.deny after seconds/minutes/hours/...
Hello, I have been using Configserver on WHM/Cpanel on CentOS for years and recently moved to a new server with WHM/Cpanel on CentOS.
The file csf.conf keeps getting overwritten with what appears to be a default configuration. I make changes and save via the UI in WHM/CPanel or I make changes via SSH and Emacs. Either way, after some time the file is replaced with a 'default' csf.conf that...
I’ve a running CSF installation with messenger service on CloudLinux 8. I’ve migrated it from iptables to ipset to use blocklists, and it works wonderfully. But now I have a problem which I cannot solve: if I use the variable CC_MESSENGER_ALLOW and enter any country code or more, then I can no longer reach the messenger (v3) page from a blocked IP. I have made sure that CSF recognizes my country...
After googling for some time and not finding anything on this problem I'm asking here for some help.
I've set up remote logging for rsyslog on Debian 11 and when CSF / LFD is enabled, I get the following error for rsyslog:
(changed URL inside of the error message because of limitations)
Oct 30 16:54:08 SERVER85 rsyslogd : action 'action-0-builtin:omfwd' suspended (module...
I cannot reproduce this on any other servers, but am not sure where to go with this. LFD is detecting brute forces fine and logs that it is blocking the IP:
Oct 28 17:06:44 dalgarno lfd : (sshd) Failed SSH login from 112.95.75.195 (CN/China/-): 5 in the last 300 secs - *Blocked in csf*
However, the IP does not end up in IPTABLES nor does an entry get written to /etc/csf/csf.deny
Hello all
I need support. I am trying to protect the login to my application using regex.custom.pm
I added to /etc/csf/csf.conf > CUSTOM1_LOG = /var/log/apache2/my_log
log code
my.domain.com:443 1.1.141.25 - - POST /api/v1/hybrid/session/start HTTP/1.1 200 257 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
I need some help to set up csf and cloudflare.
In the csf.conf I set up the following lines:
CF_ENABLE = 1
CF_CPANEL = 1 -> because I use cpanel with many users.
The Config said this:
# If the CloudFlare user plugin has been installed, enable this setting to use
# per cPanel account settings rather than listing each account in
# /etc/csf/csf.cloudflare
When CF_ENABLED is set to 1, is there a log of CSF's interactions with CloudFlare?
I have mod_remote IP setup and working, mod_security is setup and working, and in the LFD log I can trigger the mod_security rules and see a block come up (I am testing via TOR):
Hi, I reported this on the cpanel forum as it was tied in with an exim issue I was having but they advised that I bring this over to your own forum for you guys to check out.
The emails I have been receiving from CSF (root access alert, high load alert etc.) are all going into spam and when I look into the header of the message, one of the high scoring spam markers is related to the content...
I wanted to take the time to come here to thank the developers of csf/lfd. I have been using it on many dedicated CentOS servers for years now and I never had a single problem. It's easy and powerful and I feel that my servers are bulletproof!
I want to gradually switch to Debian and I was very happy to see that you also support this distribution.
Thank you very much for your great work!
It seems that this stopped working between October and November with the most recent IMAP block being on 02 Dec 2021. I'm not sure if it's related to the CSF 14.15 update that was released on 04 Dec. Looks like it updated on 05 December. This is affecting all our Interworx servers.
These are my IMAP blocks.
LF_IMAPD = 10
LF_IMAPD_PERM = 1
IMAPD_LOG = /var/log/dovecot/dovecot.log
and INTERWORX...