Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [csf]

ConfigServer Security & Firewall

A Packet Inspection (SPI) firewall and Login/Intrusion Detection application for Linux servers. Combines firewall with log monitoring tools for general Linux security protection. Web interface works from cpanel or webmin.

http://configserver.com/cp/csf.html

121 questions
0
votes
1 answer

Munin FW_Conntrack Timing Out

I recently installed CSF firewall. Immediately after this, my Munin has stopped showing me graphs for Connections through firewall and ipconntrack. I looked into log files and found this 2011/02/27-19:45:01 CONNECT TCP Peer: "192.168.156.237:57918"…
Sparsh Gupta
  • 1,117
  • 7
  • 20
  • 31
0
votes
1 answer

CSF on CentOS not removing tempban/tempdeny

I have CSF v5.12 (generic) installed on my CentOS 4.4 server, and am trying to use the tempban/tempdeny feature to temporary add a firewall block to a specific IP. (I am building a PHP script which needs to block abusive users for an hour) The…
Stephen RC
  • 621
  • 3
  • 8
  • 13
0
votes
2 answers

How to block IPs making requests to specific domain?

I have a server with CSF and ModSecurity enabled. I'd like to set up a rule or configuration that will automatically block (for a specified amount of time) any IP that makes incoming requests to a particular subdomain. In this instance it is…
inspirednz
  • 174
  • 9
0
votes
0 answers

Comodo WAF Internal Server Error

I have a Linux server, with the following specifications and in WHM when I want to Comodo WAF open in plugins , I get the following error in the address https://example.com:2087/cgi/addon_cwaf.cgi Error : Internal Server Error 500 Internal Error…
hashem sheikhypour
  • 105
  • 7
0
votes
0 answers

Custom.regex.pm for CSF with mod security

I'm trying to create custom rule that block 403 access triggered by mod security, my modsec audit log look like this: 2022-06-14 02:15:19.241467 [INFO] [1554] [123.123.123.123:597-Q:189D4DD7523532AE-72#somedomain.com]…
Teddybugs
  • 153
  • 10
0
votes
1 answer

Getting random 404 requests from unknown IPs in Apache + Ubuntu server

This is strange. I just installed a new Ubuntu + Apache in my Digitalocean droplet and installed a Laravel APP there. Now suddenly I see these kind of strange POST, GET and CONNECT requests from unknown IPs. Screenshot:…
Xavier Xames
  • 1
0
votes
1 answer

CSF firewall - Only allow FTP access to users connecting via specific hostname

I'd like to only allow FTP access to users who connect via a specific hostname like: portal4321.vps22.hostingserver.com. And block every request which tries to connect to the FTP in a different manner, like ones who use the server IP or…
Peps
  • 23
  • 1
  • 1
  • 7
0
votes
1 answer

CSF not blocking traffic to docker

CSF is installed at host and following is applied https://github.com/juli3nk/csf-post-docker When IP is blocked in CSF, ICMP and request to all other ports gets blocked (except the ones which are configured by docker). If docker0 is listening to…
mg_sa
  • 1
0
votes
1 answer

How to automatically block with MODSEC or CSF an IP Address when it tries to access a URL

We have in our server logs every day continuos bot trying to access the below for example: Requests with error response codes 404 Not Found /favicon.ico: 3 Time(s) /3ckkB-ZOp30: 2 Time(s) /adminer-3.7.1.php: 2 Time(s) /eGfLqNJOuqgur2f: 2…
Devteam9200
  • 1
  • 1
0
votes
1 answer

CSF failed to Start after Ubuntu 20.04 upgrade from 18.04

Today I have upgraded my Ubuntu 18.04.04 VPS server to Ubuntu 20.04. Now CSF not starting and shows the following error and not start the CSF service. *Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ip6tables] in…
Chathu
  • 87
  • 1
  • 11
-1
votes
1 answer

CentOS - how to tell what conf file CSF (firewall) is using? csf.conf then restart not updating

in /etc/csf/csf.conf the following is setup LF_CPANEL = "5" LF_CPANEL_PERM = "3600" restarting csf by doing the following csf -r does not seem to have an impact on the above attributes. According to this log; (cpanel) Failed cPanel login from…
Tom G11
  • 147
  • 2
  • 9
-1
votes
1 answer

cPanel server - Dovecot logins failing on specific IP address

I'm having a strange issue with one of our cPanel/WHM servers where it appears to be failing dovecot (IMAP/POP3) logins only from a specific IP address. The client was setting up a new workstation and had forgotten the password to one of their…
Brett
  • 1
  • 1
  • 3
-1
votes
1 answer

How to connect to our distant server using a local hostname from dyn or -noip on local computer client instead of computer ip?

We using CSF as firewall on CPANEL. We blacklisted all countries except few. Within the CSF there is a dyddns function allowing a FQDN to connect through... We then set up a no-ip.com account with IP/Target being our local computer / ISP public…
makeitup
  • 1
-2
votes
1 answer

CSF *Port Scan* detected - shared hosting

We modified a few options in ConfigServer Firewall configuraion. Ever since the CSF blocking a lot of IP address. Following print sreen: http://oi60.tinypic.com/kdlnh3.jpg What can I modify thereto CSF not blocking a lot of IPs ? Thank you!
Gabor
  • 42
  • 1
  • 6
-5
votes
1 answer

I cannot block an IP

I have a redirect rule on my CSF like the below; 17.1.1.13|80|27.5.5.22|80|tcp 17.1.1.13 is my firewall(csf) and 27.5.5.22 is my web server address. So everybody access my web site through the firewall. Blocking a redirect rule on CSF…
efkan
  • 203
  • 3
  • 9
1 2 3
8
9