lfd

  1. W

    API for LFD Quick Allow?

    Is there an API or URL with GET params that i can call via cURL to unblock an IP address. We'd like to include this in our tech support engr's interface. thanks
  2. W

    LFD firewall (linux LAMP server) allows IP thru after blocking

    LFD firewall still allowing IP addresses thru that were already blocked I've noticed several separate instances recently, two typical ones are described here. 1. i had manually added an IP address due to web form spam. Then we got several MORE from the same IP address that had been...
  3. E

    lfd failed

    I continuously getting lfd failed messages. How I can get ride on it.. In Service Status it show up.
  4. T

    httpd, lfd, httpd, cpsrvd, lfd failed and restarted multiple times. What now?

    Cpanel installed on Centos 5.2 on a dedicated server. This morning, I received multiple emails about services being restarted. About 20 minutes apart, with nothing that I coudl see going on with the server, I had multiple services fail and restart. How do I trouble shoot this to see if...
  5. I

    lfd: Excessive resource usage

    Hi after last update of CSF I get this alert for many account every 10 minutes : lfd: Excessive resource usage: xxxxxx (5411) Time: Fri Sep 12 04:04:52 2008 +0200 Account: xxxxx Resource: Process Time Exceeded: 65734 > 1800 (seconds) Executable...
  6. Kent Brockman

    Service Manager not detecting when lfd is stopped

    Hi. lfd is a module being part of the ConfigServer Firewall (CSF). From time to time, one of my boxes is overhelmed of concurrent processes (nightly upcp, backups, mailman archiving, logwatch, etc) and lfd stops with a memory error (cannot fork). Although Tailwatchd remains active. There is a...
  7. B

    Does anyone know if Chirpy's lfd will work if I syslog to a remote log server?

    Does anyone know if Chirpy's lfd will work if I syslog to a remote log server?
  8. P

    lfd: High 5 minute load average alert - 37.96

    (Complete log file attached) Does anyone see a problem with this? I can't figure it out. Thanks, C. Scott Williams
  9. C

    LFD detecting MD5 checksum errors on sys files

    Hello, For the past 4-5 days, LFD has been e-mailing me, saying nearly every file in /usr/bin/ and /usr/sbin /bin/ has failed the last MD5 last checksum. I did see in my back log of emails, the server is a small update, but I've gotten pages of files between all the emails so far. Here...
  10. R

    lfd: Suspicious process running under user nobody

    Hello, We get multiple lfd alerts, saying suspicious process running under user nobody. Executable: /usr/local/cpanel/bin/cpwrap Command Line (often faked in exploits): /usr/local/cpanel/bin/eximwrap GETDISKUSED SomeUser SomeDomain.Com Network connections by the process (if any): tcp...
  11. B

    lfd out of control...

    lfd on one server has started killing processes left and right. Most emails look like the following: Time: Tue Sep 4 08:43:36 2007 Account: root Resource: Process Time Exceeded: 294156 > 1800 (seconds) Executable: /sbin/init Command Line: init PID: 1...
  12. X

    lfd failed

    Main >> Server Status >> Service Status This shows that lfd failed Yet when i go to Main >> ConfigServer Security & Firewall - csf v2.79 It says Status of lfd:lfd (pid 11758) is running... Which one is correct? And what can I do? Thanks
  13. S

    lfd alert for high server load. Who's the culprit?

    Hi there everyone, I got a notice that the server load spiked through lfd. The problem is that I don't see the culprit in the report. The server load is .15 right now, which is actually about normal for it. These numbers are way off the chart comparatively. Any help would be appreciated:
  14. B

    lfd: Suspicious process running under user bintanne

    We got this message from lfd and csf which was installed on oour server. We are not sure if its a legit process, can any experts out there please advise? Thank you. Time: Tue May 8 03:10:51 2007 PID: 10022 Account: bintanne Uptime: 98 seconds Executable...
  15. Giorgi

    lfd: High 5 minute load average alert - 427.32

    My server get crashed :( Can anybody explain what is causing such high load? LOG ATTACHED thank you
  16. C

    lfd: High 5 minute load average alert

    Can somebody please tell me what this email means? I have two them, 3 hours apart, in my mail box now :confused: lfd: High 5 minute load average alert Time: Fri May 4 04:13:07 2007 1 Min Load Avg: 6.27 5 Min Load Avg: 6.00 15 Min Load Avg...
  17. M

    csf / lfd ,How keeps allow FTP users

    csf / lfd ,How keeps allow FTP process? Dear all: EX: In csf.deny : 163.XX.XX.XX # lfd: 163.XX.XX.XX found to have 471 connections - Fri Mar 16 15:41:51 2007 How keeps allow FTP process in lfd ? Let all users can be ignored by lfd in FTP more connections, not ignored by IP address...
  18. bmcpanel

    cPHulk Brute Force -- Will it break LFD?

    WHM 11.0.0 cPanel 11.1-E381 REDHAT Enterprise 4 i686 - WHM X v3.1.0 Just noticed that the Security Center in WHM in the latest Edge build has a CPHulk brute force protection. I have CSF/LFD and it seems to protect the server very well against Brute Force attacks. In my case, is there...
  19. M

    lfd question

    Hello guys, My lfd service is sending me this email: --- On Mon Feb 19 15:32:16 2007, the Login Failure Daemon detected [email protected] logging into pop3d from 200.48.xx.xx (mail.anotherdomain.com.pe) 61 times within the last 1545 seconds. The maximum allowed login rate is 60/hour (3600...
  20. isputra

    Strange Report from LFD

    Hi, I just received report from LFD like below : -------------------------------------- On Sat Feb 17 19:45:20 2007, the Login Failure Daemon detected 207.58.149.229 (transfer.cpanel11.com) generating 9 (mod_security) login failures within the last 230 seconds and was blocked. Log...