1. S

    CSF alert shows 2 different PHP versions

    Hi all, Sometimes we receive the following CSF alert: User:username PID:1104717 PPID:1037364 Run Time:89(secs) Memory:669564(kb) RSS:34536(kb) exe:/opt/alt/php56/usr/bin/php-cgi cmd:/opt/cpanel/ea-php73/root/usr/bin/php-cgi /home/username/public_html/index.php Does anyone know why exe shows...
  2. G

    Adding to CSF's Temporary Deny via PHP

    I'm using CSF (ConfigServer Firewall). Can you guys suggest a way to add an IP to the Temporary Deny list from a user's PHP? I know how to do it with the CSF GUI and by SSH, but I'm hoping to figure out a way to add IPs that try to access certain pages that don't exist (like "wp-login.php")...
  3. R

    Close All Port But Allow List

    Hello I have a server with centos OS with cpanel control panel and firewall CSF. I want close all output ports except allowed list IPs. would you please help me, how can I close port?
  4. cPanelResources

    Tutorial SMTP Restrictions (WHM) versus SMTP_BLOCK (CSF)

    Overview When attempting to secure your server against spam,you might consider enabling the SMTP Restrictions option in WHM or if you have the third-party ConfigServer Security & Firewall (CSF) plugin, the SMTP_BLOCK feature. This article is designed to explain how these two services affect the...
  5. 000

    What is waiting for ch?

    hello, I have installed CSF + LFD. Each X time I get this message: lfd on SERVER: Excessive resource usage: goodUSER (15835 (Parent PID:29609)) then I seek command to get time process running, and I get: [email protected] [~]# ps -eo pid,cmd,lstart | grep 29609 29609 cpanellogd - waiting for ch...
  6. A

    Ban list of IPs or entire countries?

    Hello. Is there a way to ban CHINA because lot of them or all of traffic are robots and crawlers and malware i have liste of one ASN from one ISP THANK YOU
  7. S

    Where do I add Cloudflare IPs to whitelist them?

    Hi, I am trying to improve performance on my website and have just signed up to Cloudflare free account. As part of the instructions is says to add a number of IP addresses to the server whitelist. I found this post: Cloudflare blocked in firewall alerts which says to add the IPs to...
  8. J

    Firewall configuration file changed?

    I've been running WHM/Cpanel on Servers For at least 12 years along with CSF/LFD. Yesterday all of the sudden the server wouldn't accept WHM connection on port 2087. I immediately tried bringing it up on my mobile phone to see if for some reason by connecting from my hotel the system had auto...
  9. L

    lfd Excessive resource

    Hi, I have an issue and i do not know how to handle. I receive a lot of mails like this Time: Sun Jan 6 13:01:56 2019 +0200 Account: xxxx Resource: Process Time Exceeded: 299479 > 3600 (seconds) Executable: /opt/cpanel/ea-php71/root/usr/bin/lsphp Command Line: lsphp...
  10. K

    SOLVED Manually Force CSF Update

    I see many people using the wrong command to update CSF, it must be in this manner: curl -sL https://download.configserver.com/csupdate | perl Hope this helps Kervol
  11. S

    SOLVED Suspicious process running under user

    I would like cPanel/WHM to stop sending me emails about two specific "Suspicious process running under" processes. These two are: 1. Account: redis Executable: /usr/bin/redis-server Command Line: /usr/bin/redis-server 2. Account: peertube Executable: /usr/bin/node Command Line...
  12. USA_Webmaster

    Disable lfd email alerts for whitelisted IP?

    I was trying to reply to this thread but forums locked old post -- Viewing Successful Root Login Log --- Hey @cPanelMichael :-D I just checked WHM >> cPHulk Brute Force Protection Whitelist Management tab for VPS WHMCS IP and it's already listed. Why am I still getting email alert lfg...
  13. T

    SOLVED [CPANEL-23314] CSF Suspicious File Alerts (/tmp/pma_template_compiles) after V76 Update

    Hello, I know that CSF/LFD is a non cPanel product, so i do not want to discuss something about it directly (how to disable alerts etc...). After v76 i started to receive this alerts: Suspicious File Alert File...
  14. M

    IP being blocked in firewall - not showing up in lfd.log

    So something on me network is triggering a permanent block on our server. I've searched all the logs in csf.syslog as well as cHulk tools and there's no sign of our public IP. I do a Quick Unblock of the IP via my cell data network (and get confirmation that the IP was in the permanent block...
  15. T

    SOLVED LFD Hung Task Timeout Error

    Hi everyone INFO: task lfd - (child) p:21289 blocked for more than 120 seconds "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this messages This error is appearing every morning on my server , and web pages are not loaded then Anyone can give me advice
  16. durangod

    SOLVED Configserver green ips in deny ip list

    Hi, i know this is not a cpanel issue... But i was wondering if anyone knew what the green text ip's listed in the deny ip mean. I posted a list of about 30 ips that had been running scripts on my site for days now to the deny ip part of configserver via the UI. I noticed when i pasted them...
  17. P

    SOLVED SMTP Restrictions Disabled but Still Blocked

    Hi, I've disabled SMTP restrictions so an account can send email via a third-party SMTP server (Office 365). The issue is, for end-user accounts, port 587 is still blocked despite disabling SMTP restrictions. For root however, it's not blocked - as if SMTP restrictions were still enabled. I've...
  18. O

    SOLVED No hostname found for IP address

    Hi!, We have a problem after upgrade to 74 version of Cpanel, when someone try to generate a conection SMTP to our server and the public IP that is trying to conect doesn't have a reverse DNS, an entrie of wrong syntax is record. LF_EXIMSYNTAX is configurated with 10. After complete 10 access...
  19. S

    Use csf to block incoming hits to extra local IPs?

    My servers main IP is say 204.11.xx.xxx. When I run ifconfig I have a bunch other IPs I've allocated to my server such as 204.11.xx.xxx,204.11.xx.xxx, 204.11.xx.xxx, etc. I don't use these IPs. should I block them with csf? how? I don't want to block anything incoming to my main IP of...
  20. S

    csf.conf not rotating csf.deny entires?

    I have a problem I think. I'm running cPanel 72.0.7. I have mod_security2 blocking wp-login.php hack attempts. It works fine. Entires are added to /etc/csf.deny automatically per the rule. Problem is when my csf.deny hits the DENY_IP_LIMIT (set to 2000) defined in csf.conf, it does not...