csf

Hi all, Sometimes we receive the following CSF alert: User:username PID:1104717 PPID:1037364 Run Time:89(secs) Memory:669564(kb) RSS:34536(kb) exe:/opt/alt/php56/usr/bin/php-cgi cmd:/opt/cpanel/ea-php73/root/usr/bin/php-cgi /home/username/public_html/index.php Does anyone know why exe shows...

I'm using CSF (ConfigServer Firewall). Can you guys suggest a way to add an IP to the Temporary Deny list from a user's PHP? I know how to do it with the CSF GUI and by SSH, but I'm hoping to figure out a way to add IPs that try to access certain pages that don't exist (like "wp-login.php")...

Hello I have a server with centos OS with cpanel control panel and firewall CSF. I want close all output ports except allowed list IPs. would you please help me, how can I close port?

Overview When attempting to secure your server against spam,you might consider enabling the SMTP Restrictions option in WHM or if you have the third-party ConfigServer Security & Firewall (CSF) plugin, the SMTP_BLOCK feature. This article is designed to explain how these two services affect the...

hello, I have installed CSF + LFD. Each X time I get this message: lfd on SERVER: Excessive resource usage: goodUSER (15835 (Parent PID:29609)) then I seek command to get time process running, and I get: [email protected] [~]# ps -eo pid,cmd,lstart | grep 29609 29609 cpanellogd - waiting for ch...

Hello. Is there a way to ban CHINA because lot of them or all of traffic are robots and crawlers and malware i have liste of one ASN from one ISP THANK YOU

Hi, I am trying to improve performance on my website and have just signed up to Cloudflare free account. As part of the instructions is says to add a number of IP addresses to the server whitelist. I found this post: Cloudflare blocked in firewall alerts which says to add the IPs to...

I've been running WHM/Cpanel on Servers For at least 12 years along with CSF/LFD. Yesterday all of the sudden the server wouldn't accept WHM connection on port 2087. I immediately tried bringing it up on my mobile phone to see if for some reason by connecting from my hotel the system had auto...

Hi, I have an issue and i do not know how to handle. I receive a lot of mails like this Time: Sun Jan 6 13:01:56 2019 +0200 Account: xxxx Resource: Process Time Exceeded: 299479 > 3600 (seconds) Executable: /opt/cpanel/ea-php71/root/usr/bin/lsphp Command Line: lsphp...

I see many people using the wrong command to update CSF, it must be in this manner: curl -sL https://download.configserver.com/csupdate | perl Hope this helps Kervol

I would like cPanel/WHM to stop sending me emails about two specific "Suspicious process running under" processes. These two are: 1. Account: redis Executable: /usr/bin/redis-server Command Line: /usr/bin/redis-server 127.0.0.1:6379 2. Account: peertube Executable: /usr/bin/node Command Line...

I was trying to reply to this thread but forums locked old post -- Viewing Successful Root Login Log --- Hey @cPanelMichael :-D I just checked WHM >> cPHulk Brute Force Protection Whitelist Management tab for VPS WHMCS IP and it's already listed. Why am I still getting email alert lfg...

Hello, I know that CSF/LFD is a non cPanel product, so i do not want to discuss something about it directly (how to disable alerts etc...). After v76 i started to receive this alerts: Suspicious File Alert File...

So something on me network is triggering a permanent block on our server. I've searched all the logs in csf.syslog as well as cHulk tools and there's no sign of our public IP. I do a Quick Unblock of the IP via my cell data network (and get confirmation that the IP was in the permanent block...

Hi everyone INFO: task lfd - (child) p:21289 blocked for more than 120 seconds "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this messages This error is appearing every morning on my server , and web pages are not loaded then Anyone can give me advice

Hi, i know this is not a cpanel issue... But i was wondering if anyone knew what the green text ip's listed in the deny ip mean. I posted a list of about 30 ips that had been running scripts on my site for days now to the deny ip part of configserver via the UI. I noticed when i pasted them...

Hi, I've disabled SMTP restrictions so an account can send email via a third-party SMTP server (Office 365). The issue is, for end-user accounts, port 587 is still blocked despite disabling SMTP restrictions. For root however, it's not blocked - as if SMTP restrictions were still enabled. I've...

Hi!, We have a problem after upgrade to 74 version of Cpanel, when someone try to generate a conection SMTP to our server and the public IP that is trying to conect doesn't have a reverse DNS, an entrie of wrong syntax is record. LF_EXIMSYNTAX is configurated with 10. After complete 10 access...

My servers main IP is say 204.11.xx.xxx. When I run ifconfig I have a bunch other IPs I've allocated to my server such as 204.11.xx.xxx,204.11.xx.xxx, 204.11.xx.xxx, etc. I don't use these IPs. should I block them with csf? how? I don't want to block anything incoming to my main IP of...

I have a problem I think. I'm running cPanel 72.0.7. I have mod_security2 blocking wp-login.php hack attempts. It works fine. Entires are added to /etc/csf.deny automatically per the rule. Problem is when my csf.deny hits the DENY_IP_LIMIT (set to 2000) defined in csf.conf, it does not...