CSF.Pignore not ignoring process

Post Reply
Black Tiger
Junior Member
Posts: 73
Joined: 17 Feb 2009, 14:14
Contact:

CSF.Pignore not ignoring process

Post by Black Tiger »

I have this already for a longer time but nobody responded to my other thread (november last year).

It seems csf.pignore is not ignoring certain shoutcast processes. I get this email:
Time: Wed Jan 15 20:32:31 2014 +0100
Account: admin
Resource: Process Time
Exceeded: 10888 > 1800 (seconds)
Executable: /home/admin/domains/mydomain.com/public_html/mediacp/files/shoutcast198/linux/sc_serv
Command Line: /home/admin/domains/mydomain.com/public_html/mediacp/files/shoutcast198/linux/sc_serv /home/admin/domains/mydomain.com/public_html/mediacp/content/user_2/shoutcast198/8060_1/etc/service.conf
PID: 3005 (Parent PID:3005)
Killed: No
And I used this line in my csf.pignore, which should be correct because that is the executable mentioned in this mail:

Code: Select all

exe:/home/admin/domains/mydomain.com/public_html/mediacp/files/shoutcast198/linux/sc_serv
I already restarted everything, but still these emails arrive.
Same problem I had with the old castcontrol server. Why does csf.pignore does not ignore this executable?

Linux server15.mydomain.com 2.6.32-431.3.1.el6.x86_64 (Centos 6 x64.)
PHP 5.3.28 (cli) (built: Dec 14 2013 01:26:41)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2013 Zend Technologies
with the ionCube PHP Loader v4.4.0, Copyright (c) 2002-2013, by ionCube Ltd., and
with Zend Guard Loader v3.3, Copyright (c) 1998-2010, by Zend Technologies
Newest version of csf/lfd.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CSF.Pignore not ignoring process

Post by ForumAdmin »

If the other entries in /etc/csf/csf.pignore are being ignored, then I've no idea why it's not working for you. You should:

Check that you are definitely editing /etc/csf/csf.pignore
Restart lfd after making any changes
Ensure that the file /etc/csf/csf.pignore only contains linux linefeeds and not MS or MAC linefeeds
Try using other methods to ignore the process, i.e. a regex using pexe: and pcmd:
Black Tiger
Junior Member
Posts: 73
Joined: 17 Feb 2009, 14:14
Contact:

Re: CSF.Pignore not ignoring process

Post by Black Tiger »

Thank you for your reply.

I don't understand either. It's only happening when there are long lines like these shoutcast/castcontrol lines.
There can not be any other linefeeds then linux, because I'm editting csf.pignore (yes ofcourse I'm sure I'm editting that one) with either nano or vim in SSH console as root.
I always start csf and lfd after making such changes.

Could you give me an example with the lines I put in using regex, pexe or pcmd? I'm not quite good at regex things.

There are always 2 emails I get. One of the I already posted, this is the second one:
Executable:

/home/admin/domains/mydomain/public_html/mediacp/files/shoutcast198/linux/sc_serv


Command Line (often faked in exploits):

/home/admin/domains/mydomain.com/public_html/mediacp/files/shoutcast198/linux/sc_serv /home/admin/domains/mydomain.com/public_html/mediacp/content/user_2/shoutcast198/8060_1/etc/service.conf
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CSF.Pignore not ignoring process

Post by ForumAdmin »

You could try:

Code: Select all

pexe:.*/sc_serv
Black Tiger
Junior Member
Posts: 73
Joined: 17 Feb 2009, 14:14
Contact:

Re: CSF.Pignore not ignoring process

Post by Black Tiger »

Thank you very much, going to try that!
malte-return2
Junior Member
Posts: 1
Joined: 19 Nov 2020, 15:26

Re: CSF.Pignore not ignoring process

Post by malte-return2 »

Got the same problem with my csf.pignore file. After a lot of research I found out that there are many possible reasons behind the problem. I tried to collect a lot of them in this blog article:
https://return2.net/csf-lfd-firewall-cs ... t-working/

Hope that helps someone else.
Post Reply