ConfigServer Community Forum

Hi Everyone,

I tired to resolve some false alert by add the following rules to cdf.ignore but still can't stop them. :confused: :confused:

exe:/usr/local/cpanel/3rdparty/perl/522/bin/perl
exe:/usr/local/lsws/bin/lshttpd.5.1.11

lfd on domain.com: Suspicious File Alert
Time: Fri Jan 13 06:17:11 2017 +0800
File: /tmp/lshttpd/bak_core/core.831309
Reason: Linux Binary
Owner: nobody:nobody...

I'm getting a LOT of lfd Suspicious File Alerts on files created by Imunify360. An example file is /dev/shm/\i360_blamer_reducer423.u1009.

Is there a way I can tell csf to ignore any file that has i360_blamer_reducer in the file name?

I'd like to keep getting alerts, but so far they are all false positives.

Thanks!

Hi there,

Is there a list of API command and connection details in order for me to create an API in my custom billing panel which will allow users to unblock themselves if they get blocked?

My main site is hosted on a different server to my main selling server.

I have tried to make heads and tails of the unblockme system for whmcs but as I'm not using WHMCS its hard to figure out.

-Chalkie

Checking the emails, these are forum notifications send by my server IP. Can I exclude that IP/server/email from the relay limits?

Time: Sun Feb 9 17:19:31 2020 +0200
Type: LOCALHOSTRELAY, Remote IP
Count: 101 emails relayed
Blocked: No

Hello

is it posible to log the email account blocking the ip and show it in the messenger index.html message?
i mean somethig like : (imapd) Failed IMAP login from xxx.xxx.xxx.xxx user: yourmail@domain.com (AZ/Azerbaijan/-): 1 in the last 3600 secs - *Blocked in csf* for 3600 secs
and showit in the messenger index.html

in the regex i see a variable called $acc that appears to be the mail...

Hi,
I have an Interworx VPS and installed ConfigServer Security & Firewall - csf v14.01
I used the script in /etc/csf to remove APF / BFD, but now my /var/log/lfd.log gets flooded with the message: : InterWorx: Reapplied apf stub

Why? and how to get rid of this flooding message?

Thank you

Hello

We are using ConfigServer Security & Firewall - csf v14.01 and it blocks all connections from people on T-Mobile devises; it is not blocking an IP but a network. When i turn off they firewall, people using t-mobile can access our sites, when the firewall is activated again they cannot and I have cleared out all blocked ip addresses

Please advise

I went to your applicable web page ( and downloaded your csf.tgz ( (for prospective/experimental use on one of my XCP-ng/XS/CentOS7-based DomU VMs) to my Win10 PC, and copied your provided SHA256 hash code ( for comparison... but using my hash-checksum app on my PC ( MD5 & SHA Checksum Utility 2.1 Pro ), the comparison failed.

Their calculated SHA256 ckecksum for the file...

I believe that the bug still exists. I use only cc allow filter with country codes. My control panel will not update with cc_allow_filter on. If I comment out the line then the control panel will update.

I have tried whitelisting and ignore with control panel ip addresses with no results.
I have included the CC of the control panel server also.

I know this might sound like a dump question but the following snippet of direction is provided in csf.conf:

This option will keep track of the number of File does not exist errors in
# HTACCESS_LOG. If the number of hits is more than LF_APACHE_404 in LF_INTERVAL
# seconds then the IP address will be blocked
#
# Care should be used with this option as it could generate many
# false-positives,...

Every hour or so the CSF firewall will say, Firewall enabled, but not started.

The error logs are as follows:

Google hasn't been forth coming haha. Any help with this issue would be greatly appreciated.

delete this post

cc allow filter is not working on my server, version 14.01.

CC_ALLOW_FILTER = US,IR,IE,DE,ZA,CU,MX,GB,CA,HR

My control panel cannot update if cc allow filter is set to the above. If I delete the values then I can update my control panel.

Also, I tried whitelisting the ip addresses for the control panel update servers and I could not get thru.

I tried with maxmind and also ipverse

I have enabled messenger with v2 and set ip up as per the readme. The redirect works fine but I get the regular blocked page and not the page offering an unblock with ReCaptcha.

I had a bit more detailed post but everytime I tried to post it something in it was triggering your mod security.

I have restarted lfd a couple of times with no effect. Correct user is made with directory, permissions...

Hi i get emails like this every few minutes

Time:    Mon Feb 27 08:26:12 2017 +0000
PID:     13825 (Parent PID:9399)
Account: nobody
Uptime:  10887 seconds

Executable:

/usr/sbin/httpd

Command Line (often faked in exploits):

/usr/sbin/httpd -k start

Network connections by the process (if any):

tcp: 0.0.0.0:80 -> 0.0.0.0:0
tcp6: 0.0.0.0:80 -> 0.0.0.0:0
tcp: 0.0.0.0:443 -> 0.0.0.0:0
tcp6:...

Hello,
I'm facing some problems with CFS, me and Cpanel support found that the problem was something with CSF.
Now I have CSF disabled for the good performance of my websites.
With CSF enabled I get a bunch of problems that can be seen at not right now, but if I enable it they just appear.

Can anyone help me or have some clue on how to make CSF work again? Note that eveything was working before,...

Hello,
i have similar issue.

i have two server and my configuration is

TCP_IN =
UDP_IN =

FASTSTART = 0
LF_IPSET = 1

CC_DENY =
CC_ALLOW =
CC_ALLOW_FILTER = IT
CC_ALLOW_PORTS = IT
CC_ALLOW_PORTS_TCP = 80,443,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096
CC_ALLOW_PORTS_UDP =

maxmind license is set

but the strange is from ssh i can't ping google.it or 8.8.8.8
i can't backup my...

Ubuntu 18.04.3 LTS
Cyberpanel 1.9
Error : CSF : Enabled but Stopped Unable to start the error output :
open3: exec of /usr/sbin/ipset flush failed: No such file or directory at /usr/sbin/csf line 5408.

While search found need to install IPSET & I have installed IPSTE.
________
root@cloud:~# sudo apt-get install ipset
Reading package lists... Done
Building dependency tree
Reading state...

Hi,

I noticed that after this latest update many requests return 520 error especially any page or file behind wp-includes
This issue only appeared after the latest update (14.01)!!
I didn't change anything on the server. The only thing changed is the CSF update.
Note: The entire website works well and there are no errors at all (Only any file or page behind wp-includes)

Regards,

During a recent update the web UI on my LFD has broken; it now just gives me ERR_CONNECTION_RESET . Nothing error-related is being logged in /var/log/lfd.log. What could the problem be?