ConfigServer Community Forum

Hello guys,

I see some sites are hotlinking our images.

Is it possible to block specific hostnames/ domain names from accessing our server ?

Any guidance would be very much appreciated.

It seems that unless you put the following in ui.allow:

127.0.0.1 # localhost

... lfd won't allow browsers on localhost to connect (connection is reset). As localhost is automatically whitelisted in other places with CSF/LFD, surely it should be auto-whitelisted for the UI?

Hello,

ENV: Centos 8, Csf 14.04, iptables enabled and started as well as ICMP_IN = 0.

I have added manually in iptables ICMP INPUT and OUTPUT for ping to work.

I also have 192.168.0.0/24 in allow.

With this, ping from 192.168.0.2 ---> to 192.168.0.3 and vise versa works.

But csf -cp from 192.168.0.2 ---> to 192.168.0.3 and vise versa does not work.

Here, do not that ICMP_IN = 0. It -...

Auto update of csf today resulted in corrupted /usr/sbin/lfd file. There was an EOF at line 10229 after $ch .
I had to run curl -sL | perl to fix it.

Upgrading csf from v14.03 to 14.04...
Retrieving new csf package...
...5%
...10%
...15%
...20%
...25%
...30%
...35%
...40%
...45%
...50%
...55%
...60%
...65%
...70%
...75%
...80%
...85%
...90%
...95%

Unpacking new csf package...

gzip: stdin:...

Hello,

ENV: Centos 8, Csf 14.04, iptables enable.

I have tried to block a spammer, who installed a cron script to populate every ten and every eleven minutes in logfiles of my server with following:

FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffriends.png
FQDN/login?dst=http%3A%2F%2Fbucket-img.y5en.com%2Fmessage%5Ficon%5Ffind.png

Instead of using modsecurity, I...

Hello,

In following message there is a bug:

*Error* IPSET:
CC: Repopulating ipset cc_6_ua with IP addresses from
IPSET: loading set new_6_ua with 0 entries
IPSET: switching set new_6_ua to cc_6_ua

Hi,

how can I stop firewall alert notifications on the system?

I am using a CSF firewall with Centos 7, due to security reasons I blocked SSH port access since I had KVM access.

now the issue is the KVM viewer becomes so messed up ... the alerts keep popping up even if I open nano or vi editors.

The ICMP settings are disabled via cPanel/WHM as well.

Image Reference

SMTP Server blocked by csf and throwing error

LOG: MAIN
cwd=/usr/local/cpanel/whostmgr/docroot 4 args: /usr/sbin/exim -v -M 1jsyQF-0002B0-JY
delivering 1jsyQF-0002B0-JY
LOG: MAIN
Sender identification U=keralad1 D=keraladesk.com S=info@dummydomain.com
Connecting to how.lakemneadows.com :25 ... failed: Connection refused
LOG: MAIN
H=how.lakemneadows.com Connection refused
LOG: MAIN
==...

Does anyone know how I can add the users IP address to sualert.txt?
I've tried the following but it does not work

IP:

Since a few weeks the CSF Real time blocklists checker in WHM stopped working. The titles of the hourly checks that email me, they report this:

`RBL Check on server04.ourcompanydomain.com: failures`

Every single list is failing, and I have no idea where to start checking why.

The only clue I have and the only text that seems out of order is in the middle of the email report Senderbase:...

Hi,

I have just install CSF on Ubuntu, on a Digital Ocean droplet.
I don't have an email server installed, so I would like to send CSF/LFD emails via a 3rd party SMTP server.

How would I do this, without installing a mail server?
I have looked at the csf.conf and couldn't see away.

Thanks,
Gaz

Hi. I've been using CSF for a while on a PVE (LXC) server.
The host has an interface vmbr0 for public address and a vmbr10 that we use as an internal network (10.0.X.X)
Most LXC containers only have one of the internal network address as we use a Nginx proxy in one of them to receive all the external traffic. This to the local containers is an eth0 address. Additional IPs are routed through the...

Hello, I just installed csf and the first time using it. when I check csf status I find that's running but got only this warning:
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

How to resolve it, thanks

Hello,

Somebody use fredomedosvsd@gmail.com mail address and all other types like

fr.e.dom.ed.os.v.sd@gmail.com
fr.e.dom.e.do.sv.sd.@gmail.com
f.re.domedosvs.d@gmail.com
fr.edome.dos.v.s.d@gmail.com
f.r.e.d.o.m.edosv.s.d.@gmail.com

......

Tousend of types :( I'm already use LFD Blocklist database but not help :( How can I stop that spammer ? Because they are using some script and attack my...

Hello,

I keep seeing a ton of these errors - Failed IMAP login from

They are from me and I am getting mail however I do notice a lot of times it failing.

So I am looking for a solution to either exempt myself (not the best practice) or resolve why so many of my attempts are failing.

Im seeing those messages in the lfd log.

If you need me to provide any additional information feel free to...

I get a lfd on host.******: Suspicious File Alert.

Time: Mon Jun 29 11:45:17 2020 -0400
File: /tmp/libjansi-64-git-Spigot-db6de12-18fbb24-5095707643582958365.so
Reason: Linux Binary
Owner: kar***:kar*** (1050:1050)
Action: No action taken

The number after /tmp/libjansi-64-git-Spigot-db6de12- always changes.
How can I ask lfd to ignore those files?
Thank you.

Hi guys,
I'm new to csf, so, please dont judge me hard if already have answers.
Could you please help me understand how to build me owr rules.
As many users we run WP sites and most attacks are over login.php and xmlrpc.php.
So, how to tell:
If xxx.xxx.xxx.xxx POST (GET) login.php (and/OR xmlrpc.php) then check this IP in csf blacklists and if is there ban it perm (temp)

This example will help...

I have OSM installed on a few servers and I'm running into some weird errors I can resolve. The original error was:
*ERROR* Net::Pcap failed to install, see /etc/osm/osmpcap.log. Packet inspection feature has been disabled in osm.
To which i installed pcap on the servers that were affected via
sudo yum install perl-Net-Pcap
yum install libpcap libpcap-devel -y

I later saw this post ( ) where...

Is it possible to block connections from China (CN) without blocking e-mail from China?

We have one account that must receive e-mail from China. If I use CC_Deny, they e-mail is denied.

I would like to block login attempts, but not block e-mail from CN.

I'm not sure if whitelisting would work, but even if it did, I wouldn't know what domains to whitelist because they are working with...

Hi all,
we installed ConfigServer Security & Firewall yesterday and last night I noticed that I cannot update (nor register) domains with registrar through WHMCS. Its a custom built module, worked fine before Csf install and registrar confirmed there is no problem at their end.
Does anyone know what setting might be wrong in CSF that could possibly block registrar communication through WHMCS?...