Well I'm sure I'm daft on this, but after reading the new blog update at today, I'm not sure what I'm supposed to do with that file at all.

Would anyone be so kind as to provide a bit of guidance?

Thank you :)

I am looking for a field to add a command like cphulk

Is there any existing functionallity? Or can be added?

I need to post remote ip/country/reason/time etc to able to track and build my own blocklist

Hi,

We use CSF on our cPanel DNS only servers. We have had a lot of attacks against them recently. However in CSF it only seems to keep the last 200 ip's blocked. How can we keep all blocked ip's please?

Hello

The delete CloudFlare command is returning the failure
both at the interface and also at the command line.

CloudFlare Delete xxx.104.28.197 for user(s) SRV12:

Message:
csf - CloudFlare: id failed: 400 Bad Request (SRV12)

- Command line
# csf --cloudflare del xxx.104.28.197 SRV12
csf - CloudFlare: id failed: 400 Bad Request (SRV12)

Regards.

Jean

Hello,

I set CF_ENABLE to 1 and put my api and email to the csf.cloudflare file but csf will not sync csf.deny ips to cloudflare firewall

Hi.

On my server has CSF configured for stop users using sendmail or not authenticathed SMTP.

But after one problem with Hotmail, I see that configuration by pass.

/etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing...

Hello,

I set CF_ENABLE to 1 and put my api and email to the csf.cloudflare file but csf will not sync csf.deny ips to cloudflare firewall

How to maintain and deploy configurations for CSF firewall for several Ubuntu Linux servers?

Currently I maintain configurations for each server separately on my PC. If and when I make a change or improvement I manually ripple it across all the configurations and upload to my servers. This is error prone and tedious. (A configuration is a set of files such as csf.conf, csf.allow, csf.ignore,...

We're trying to route all traffic on our server through Sucuri's networks, and for the most part that's worked with the following entries in /etc/csf/csf.allow (IPs listed below are not private, they are owned by Sucuri and publically accessible):

tcp|in|d=80|s=192.88.134.0/23 # Sucuri Range
tcp|in|d=80|s=192.124.249.0/24 # Sucuri Range
tcp|in|d=80|s=185.93.228.0/22 # Sucuri Range...

In maillog I get a lot of attack attempts from one IP to different or to the same email account like in example bellow:

May 28 08:36:05 vh0 vpopmail : vchkpw-smtp: password fail (pass: 'q123456') office@mydomain.tld:223.241.1.175
May 28 08:36:22 vh0 vpopmail : vchkpw-smtp: password fail (pass: 'OFFICE') office@mydomain.tld:223.241.1.175
May 28 08:36:32 vh0 vpopmail : vchkpw-smtp: password fail...

Hi,

I have latest csf/lfd running on CloudLinux 6 with cPanel. The problem I started experiencing is that without any reason csf blocks all ipv4 access to the server. This repeated 2 times already. When it happens I can see the following in the lfd logs:
May 23 23:53:36 wp03 lfd : Global DynDNS - update IP addresses
May 23 23:53:36 wp03 lfd : Global DynDNS: Lookup for failed
May 24 00:00:03...

Hello,
i have new vps server with centos 7 and webmin.

i would block tried login to webmin panel...

my csf.conf have this settings:
LF_WEBMIN = 4
LF_WEBMIN_PERM = 1

WEBMIN_LOG = /var/log/secure
as default.
but csf dont block ip on webmin (ssh works fine)

so i try to change
WEBMIN_LOG = /var/webmin/miniserv.error

but not works...

can you help me with this configuration?

thank you

Hello,

Currently, I have configured the csf service so that if a person makes more than 10 attempts to connect to the pop service with a bad password it is temporarily blocked.
But after 5 temporary blocking it is permanently blocked, I would modify this value in order to increase it.
could you tell me how to do that?

Best regards

Hi,

I have 2 IPs on my server running Ubuntu 18.04 LTS for this post I will call the IPs 1.1.1.1 and 2.2.2.2

I would like to have use 2.2.2.2 for TeamSpeak 3 and need to option some TCP and UDP ports for it to all work.
I read I can open the ports using csf.allow but not sure how to allow the IP only to thoses ports

These are the ports I need to open only for the IP 2.2.2.2.
TCP In:...

We have CSF installed on our server and it seems to block mail coming from our billing system. I have configured it to allow the SMTP PHP mail to go through. It starts working for a few days then starts blocking again. I have to reboot the CSF services for it to start working again then it does the same thing a few days later.

Is there any insight as to why this is happening?

Hello!

I have enabled all email alerts that CSF generates and when a customer asks why they're been blocked i search the IP in my emails and i can give them a report like this one:

Time: Tue May 14 15:17:20 2019 -0300
IP: 51.38.133.58 (PL/Poland/58.ip-51-38-133.eu)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked: Temporary Block for 3600 seconds

Log entries:

May 14 15:11:22 dallas sshd :...

hi,

i don't know why CSF block my IP (and many others) without any reasons..

i just logged in , then i tried t upload file using File manager .. my ip blocked.
visitors just vist my website from google , CSF blocked them..

maybe i did some fault config.

please help

An IP from China got caught by lfd trying to access a cpanel account. However, China is country blocked (CC_DENY), and the IP is in the blocked range, as confirmed by csf (csf -g output below). Can someone explain how the IP managed to access cpanel even though it is in iptables? Thanks.

csf -g 203.2.xxx.xxx

Table Chain num pkts bytes target prot opt in out source destination
No matches found...

Hello,

As we know that the IP address deny file in csf.deny is limited to 1000 ip's
lately i had a massive attacks with over a thousands ip address, my question is.... can i set ip address deny limit in csf.deny over than 1000 ip's...?

Thank you

What are main differences between Microservices and Monolithic Architecture?