Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [csf]

ConfigServer Security & Firewall

A Packet Inspection (SPI) firewall and Login/Intrusion Detection application for Linux servers. Combines firewall with log monitoring tools for general Linux security protection. Web interface works from cpanel or webmin.

http://configserver.com/cp/csf.html

121 questions
0
votes
1 answer

How to block access from all hosting services? (like gutenberg.org)

gutenberg.org blocks access to all hosting services as per http://www.gutenberg.org/error403.php How to achieve this? Is there a list of hosting ips? Also, would these be added to CSF?
giorgio79
  • 1,747
  • 9
  • 25
  • 36
0
votes
1 answer

Does LFD check for failed HTTP Digest login attempts?

I am sure that LFD (Login Failure Daemon) checks Apache's error log for failed HTTP authentication attempts ie. log entries like: [Mon Feb 25 10:12:45 2013] [error] [client 10.0.0.1] user FAKEUSER not found: /index.html [Mon Feb 25 10:11:56 2013]…
WooDzu
  • 107
  • 5
0
votes
1 answer

Interpreting CSF emails

I get emails from CSF every time it blocks someone. Here's one I got this morning: Time: Sat Jan 19 10:17:24 2013 -0800 IP: (US/United States/-) Hits: 21 Blocked: Temporary Block Sample of block hits: Jan 19 10:16:28 red…
Theron Luhn
  • 325
  • 2
  • 3
  • 11
0
votes
2 answers

Error when restarting csf on DirectAdmin server running centos

I just installed csf on a DirectAdmin server running CentOS. When i restart csf it however says: Restarting bandmin acctboth chains for cPanel open3: exec of /usr/local/bandmin/bandminstart failed at /usr/sbin/csf line 3168 iptables v1.3.5:…
bicycle
  • 103
  • 6
0
votes
1 answer

Exclude minify from CSF/LFD

I have currently installed minify on on of my websites however I am currently getting hammered with email from CSF/LFD. Example: Time: Fri Aug 10 13:10:03 2012 +0700 File: /tmp/minify_builder,index.php_f516d1c7cae9c3881406fd9a0ce69c38 …
Patrick Lanfranco
  • 25
  • 5
0
votes
1 answer

Is CSF overkill?

My server runs just my own sites (vBulletin forums - which are always patched with security fixes) and Rails sites using the latest version) so do I really need CSF? (http://configserver.com/cp/csf.html) Or is it unnecessary for this kind of server…
A4J
  • 277
  • 2
  • 4
  • 10
0
votes
2 answers

ConfigServer Security and Firewall -- after setup, how much daily management required?

I'm looking at using ConfigServer Security and Firewall (CSF; iptables-based). After I configure it properly, how much daily ongoing management is required of me to keep my server secure? Am I going to be flooded with "alert" emails that I need to…
Hope4You
  • 165
  • 3
  • 12
0
votes
1 answer

CSF Log Watching

I run suphp so the uid of scripts is for the user not the webserver. My log files are also in /home/$user/logs/error.log CSF only monitors /var/log/apache2/error.log However because of my setup i dont think the logs go here so how do I add my…
h00j
  • 378
  • 6
  • 21
0
votes
1 answer

Pros vs Cons of Rate Limiting ICMP

I am configuring Config Server Firewall and here is the default config for ICMP. I have read on the internet that disabling or limiting ICMP can cause huge headaches on your server. However I have also read it can help prevent some times of DDOS. Do…
h00j
  • 378
  • 6
  • 21
0
votes
2 answers

Should I disable iptables when I'm using csf?

Should I disable iptables when I'm using csf ? any help appreciated.
user107077
0
votes
1 answer

How do to white list a specific IP with CSF?

I am using csf & lfd, I am trying to allow all traffic to a specific IP (my backup storage) which I'm using lftp to access. I have tried using csf.allow, but you have to specify a port or a range. I've also tried adding the ip to csf.ignore Neither…
Rob
  • 247
  • 1
  • 3
  • 12
0
votes
1 answer

Allow all IPs through a specific port range in CSF

How can I do this? For UDP it seems to work like this: udp:out:d=1_9000:d=0.0.0.0/0 but it doesn't seem to work when I change it to TCP and I need to enter a specific IP like tcp:out:d=25277:d=175.199.87.36 and tcp:in:d=25277:d=175.199.87.36. Am I…
webnoob
  • 455
  • 2
  • 16
  • 35
0
votes
1 answer

Help - DDOS Attack

I am under a DDOS attack. I'm trying to locate the IP address that is making 1100+ connections, however, when running the following command, it shows a 1100+ connection, but the ip address column is blank. By the way, I'm using CSF firewall to block…
Spencer
  • 1
0
votes
1 answer

Allow IP range through linux firewall

I need to set up a rule to allow ALL outgoing UDP connections on my VPS. I am not sure what I should be using. I have tried: udp:out:d=1_9000:d=* in my csf.allow but its not working (and it was a guess on all accounts). Any ideas? Thanks. EDIT: I…
webnoob
  • 455
  • 2
  • 16
  • 35
0
votes
2 answers

flushed and removed iptables rules, but CSF restores them

Intending to clear my iptables rules (i have like a thousand rules which block many customer IPs, and I can't find which is doing it), I removed all csf.deny entries, then : service iptables stop csf --disable rm /etc/sysconfig/iptables iptables…
AbiusX
  • 89
  • 1
  • 10
1 2 3
8 9