ConfigServer Community Forum

upgraded to v3.01 and now the server doesn't mails the login alert,
happening on 2 of my servers

csf log shows:-
Sun Jan 5 07:45:49 2008 lfd: *SSH login* from xx.xx.119.245 into the root account using password authentication - ignored

nothing else has been changed on the server.

on other boxes running older versions still send alerts properly.

any solutions ?

lfd will ignore any ip's that you have listed in csf.ignore, any global ignore file is setup and any ip in /etc/relayhosts at the time if you have the RELAYHOSTS option enabled.

chirpy wrote:lfd will ignore any ip's that you have listed in csf.ignore, any global ignore file is setup and any ip in /etc/relayhosts at the time if you have the RELAYHOSTS option enabled.

thanks for the reply, iam not an expert but think this option is expecting any of IP in relayhost as trusted user.

ignoring the IP in /etc/relayhosts can be risky cause if a spammer who compromised an account and sent any mails, and later gains ssh access anyhow, can do enough harm as ADMIN is not notified.

please check on that too,

regards,
p

Hi.

This is very contradictory.

You either disable relay-hosts and suddenly and you get the warning and also make your security score go down, or you enable it and cant see who is logging into the server via SSH. I have tried to delete the IP's from the etc/relayhosts log and as soon as i login via ssh, it reputs those ips there.

Can this bug be fixed ASAP.

Cheers,

I'll remove RELAYHOSTS from the Server Check report as it shouldn't be considered less secure to enable the option. You cannot simply empty /etc/relayhosts as that file is updated by the cPanel antirelayd process.

Nice one Chirpy

When do you think this will be updated?

Cheers,

It'll be in the next release, but I'm not sure when that will be.