ConfigServer Firewall Not Working Properly.

piyushmaheswari

Sir, I installed the latest ConfigServer Firewall (csf), but it's not working properly. Sometimes it shows stopped and sometimes it shows enabled.
I see these logs:

Jun 18 20:47:35 server lfd[986063]: IPv6 Enabled...
Jun 18 20:47:35 server lfd[986063]: LOAD Tracking...
Jun 18 20:47:35 server lfd[986063]: Country Code Lookups...
Jun 18 20:47:35 server lfd[986063]: System Integrity Tracking...
Jun 18 20:47:35 server lfd[986063]: Exploit Tracking...
Jun 18 20:47:35 server lfd[986063]: Directory Watching...
Jun 18 20:47:35 server lfd[986063]: Email Queue Tracking...
Jun 18 20:47:35 server lfd[986063]: ModSecurity IP D/B Tracking...
Jun 18 20:47:35 server lfd[986063]: Email Relay Tracking...
Jun 18 20:47:35 server lfd[986063]: Temp to Perm Block Tracking...
Jun 18 20:47:35 server lfd[986063]: System Statistics...
Jun 18 20:47:35 server lfd[986063]: Process Tracking...
Jun 18 20:47:35 server lfd[986087]: *User Processing* PID:939910 Kill:0 User:mrlooter Time:2330 EXE:/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs CMD:lsphp
Jun 18 20:47:35 server lfd[986063]: Account Tracking...
Jun 18 20:47:35 server lfd[986063]: SSH Tracking...
Jun 18 20:47:35 server lfd[986063]: Webmin Tracking...
Jun 18 20:47:35 server lfd[986063]: SU Tracking...
Jun 18 20:47:35 server lfd[986063]: Console Tracking...
Jun 18 20:47:35 server lfd[986063]: WHM Tracking...
Jun 18 20:47:35 server lfd[986063]: Watching /usr/local/cpanel/logs/access_log...
Jun 18 20:47:35 server lfd[986063]: Watching /var/log/customlog...
Jun 18 20:47:35 server lfd[986063]: Watching /var/log/maillog...
Jun 18 20:47:35 server lfd[986063]: Watching /var/log/messages...
Jun 18 20:47:35 server lfd[986063]: Watching /var/log/secure...
Jun 18 20:47:35 server lfd[986063]: Watching /var/log/exim_mainlog...
Jun 18 20:47:35 server lfd[986063]: Watching /etc/apache2/logs/error_log...
Jun 18 20:47:35 server lfd[986063]: Watching /usr/local/cpanel/logs/login_log...
Jun 18 20:48:36 server lfd[986917]: *User Processing* PID:951631 Kill:0 User:herolooter Time:1827 EXE:/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs CMD:lsphp
Jun 18 20:48:37 server lfd[986063]: Main Process: TERM
Jun 18 20:48:37 server lfd[986063]: daemon stopped
Jun 18 20:49:36 server lfd[988273]: daemon started on server.netcloudns.com - csf v14.03 (cPanel)
Jun 18 20:49:36 server lfd[988273]: LF_APACHE_ERRPORT: Set to [2]
Jun 18 20:49:36 server lfd[988273]: Restricting syslog/rsyslog socket acccess to group [mysyslog]...
Jun 18 20:49:36 server lfd[988273]: EasyApache4, using /etc/apache2/logs/error_log instead of /usr/local/apache/logs/error_log (Web Server)
Jun 18 20:49:36 server lfd[988273]: EasyApache4, using /etc/apache2/logs/error_log instead of /usr/local/apache/logs/error_log {ModSecurity}
Jun 18 20:49:36 server lfd[988273]: CSF Tracking...
Jun 18 20:49:36 server lfd[988273]: IPv6 Enabled...
Jun 18 20:49:36 server lfd[988273]: LOAD Tracking...
Jun 18 20:49:36 server lfd[988273]: Country Code Lookups...
Jun 18 20:49:36 server lfd[988273]: System Integrity Tracking...
Jun 18 20:49:36 server lfd[988273]: Exploit Tracking...
Jun 18 20:49:36 server lfd[988273]: Directory Watching...
Jun 18 20:49:36 server lfd[988273]: Email Queue Tracking...
Jun 18 20:49:36 server lfd[988273]: ModSecurity IP D/B Tracking...
Jun 18 20:49:36 server lfd[988273]: Email Relay Tracking...
Jun 18 20:49:36 server lfd[988273]: Temp to Perm Block Tracking...
Jun 18 20:49:36 server lfd[988273]: System Statistics...
Jun 18 20:49:36 server lfd[988273]: Process Tracking...
Jun 18 20:49:36 server lfd[988297]: *User Processing* PID:939910 Kill:0 User:mrlooter Time:2450 EXE:/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs CMD:lsphp
Jun 18 20:49:36 server lfd[988273]: Account Tracking...
Jun 18 20:49:36 server lfd[988273]: SSH Tracking...
Jun 18 20:49:36 server lfd[988273]: Webmin Tracking...
Jun 18 20:49:36 server lfd[988273]: SU Tracking...
Jun 18 20:49:36 server lfd[988273]: Console Tracking...
Jun 18 20:49:36 server lfd[988273]: WHM Tracking...
Jun 18 20:49:36 server lfd[988273]: Watching /var/log/customlog...
Jun 18 20:49:36 server lfd[988273]: Watching /usr/local/cpanel/logs/access_log...
Jun 18 20:49:36 server lfd[988273]: Watching /var/log/secure...
Jun 18 20:49:36 server lfd[988273]: Watching /var/log/exim_mainlog...
Jun 18 20:49:36 server lfd[988273]: Watching /var/log/maillog...
Jun 18 20:49:36 server lfd[988273]: Watching /usr/local/cpanel/logs/login_log...
Jun 18 20:49:36 server lfd[988273]: Watching /var/log/messages...
Jun 18 20:49:36 server lfd[988273]: Watching /etc/apache2/logs/error_log...
Jun 18 20:49:36 server lfd[988297]: *User Processing* PID:951631 Kill:0 User:herolooter Time:1888 EXE:/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs CMD:lsphp
Jun 18 20:50:50 server lfd[988273]: Main Process: TERM
Jun 18 20:50:50 server lfd[988273]: daemon stopped
Jun 18 20:51:30 server lfd[990593]: daemon started on server.netcloudns.com - csf v14.03 (cPanel)
Jun 18 20:51:30 server lfd[990593]: LF_APACHE_ERRPORT: Set to [2]
Jun 18 20:51:30 server lfd[990593]: Restricting syslog/rsyslog socket acccess to group [mysyslog]...
Jun 18 20:51:30 server lfd[990593]: EasyApache4, using /etc/apache2/logs/error_log instead of /usr/local/apache/logs/error_log (Web Server)
Jun 18 20:51:30 server lfd[990593]: EasyApache4, using /etc/apache2/logs/error_log instead of /usr/local/apache/logs/error_log {ModSecurity}
Jun 18 20:51:30 server lfd[990593]: CSF Tracking...
Jun 18 20:51:30 server lfd[990593]: IPv6 Enabled...
Jun 18 20:51:30 server lfd[990593]: LOAD Tracking...
Jun 18 20:51:30 server lfd[990593]: Country Code Lookups...
Jun 18 20:51:30 server lfd[990593]: System Integrity Tracking...
Jun 18 20:51:30 server lfd[990593]: Exploit Tracking...
Jun 18 20:51:30 server lfd[990593]: Directory Watching...
Jun 18 20:51:30 server lfd[990593]: Email Queue Tracking...
Jun 18 20:51:30 server lfd[990593]: ModSecurity IP D/B Tracking...
Jun 18 20:51:30 server lfd[990593]: Email Relay Tracking...
Jun 18 20:51:30 server lfd[990593]: Temp to Perm Block Tracking...
Jun 18 20:51:30 server lfd[990593]: System Statistics...
Jun 18 20:51:30 server lfd[990593]: Process Tracking...
Jun 18 20:51:30 server lfd[990616]: *User Processing* PID:939910 Kill:0 User:mrlooter Time:2564 EXE:/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs CMD:lsphp
Jun 18 20:51:30 server lfd[990593]: Account Tracking...
Jun 18 20:51:30 server lfd[990593]: SSH Tracking...
Jun 18 20:51:30 server lfd[990593]: Webmin Tracking...
Jun 18 20:51:30 server lfd[990593]: SU Tracking...
Jun 18 20:51:30 server lfd[990593]: Console Tracking...
Jun 18 20:51:30 server lfd[990593]: WHM Tracking...
Jun 18 20:51:30 server lfd[990593]: Watching /usr/local/cpanel/logs/access_log...
Jun 18 20:51:30 server lfd[990593]: Watching /var/log/customlog...
Jun 18 20:51:30 server lfd[990593]: Watching /var/log/secure...
Jun 18 20:51:30 server lfd[990593]: Watching /var/log/exim_mainlog...
Jun 18 20:51:30 server lfd[990593]: Watching /usr/local/cpanel/logs/login_log...
Jun 18 20:51:30 server lfd[990593]: Watching /etc/apache2/logs/error_log...
Jun 18 20:51:30 server lfd[990593]: Watching /var/log/messages...
Jun 18 20:51:30 server lfd[990593]: Watching /var/log/maillog...
Jun 18 20:51:30 server lfd[990616]: *User Processing* PID:951631 Kill:0 User:herolooter Time:2002 EXE:/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs CMD:lsphp

Please anyone help me.
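
The posted log shows the lfd main process logging "Main Process: TERM" and "daemon stopped", then a new "daemon started" under a different PID within a minute. The following is an added example, not part of the original posts: it extracts those start/stop cycles from lfd log lines so each instance's uptime and the gap before each restart can be compared with cron or service-monitor schedules. The year default is an assumption, since syslog timestamps carry no year.

```python
import re
from datetime import datetime

# Excerpt of the lfd log lines posted above (not the full log).
SAMPLE = """\
Jun 18 20:48:37 server lfd[986063]: Main Process: TERM
Jun 18 20:48:37 server lfd[986063]: daemon stopped
Jun 18 20:49:36 server lfd[988273]: daemon started on server.netcloudns.com - csf v14.03 (cPanel)
Jun 18 20:49:36 server lfd[988297]: *User Processing* PID:939910 Kill:0 User:mrlooter Time:2450 EXE:/opt/cpanel/ea-php72/root/usr/bin/lsphp.cagefs CMD:lsphp
Jun 18 20:50:50 server lfd[988273]: Main Process: TERM
Jun 18 20:50:50 server lfd[988273]: daemon stopped
Jun 18 20:51:30 server lfd[990593]: daemon started on server.netcloudns.com - csf v14.03 (cPanel)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ lfd\[(\d+)\]: (.*)$")

def lfd_cycles(text, year=2020):  # year is an assumption: syslog omits it
    """One dict per lfd main-process PID: start, stop, signal, uptime, gap before start."""
    runs, by_pid, last_stop = [], {}, None
    def run_for(pid):
        if pid not in by_pid:
            by_pid[pid] = {"pid": pid, "start": None, "stop": None,
                           "signal": None, "uptime": None, "down_before": None}
            runs.append(by_pid[pid])
        return by_pid[pid]

    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if msg.startswith("daemon started"):
            run = run_for(pid)
            run["start"] = ts
            if last_stop:  # seconds lfd was down before this start
                run["down_before"] = (ts - last_stop).total_seconds()
        elif msg.startswith("Main Process: "):
            run_for(pid)["signal"] = msg.split(": ", 1)[1]  # text lfd logged, e.g. TERM
        elif msg == "daemon stopped":
            run = run_for(pid)
            run["stop"] = last_stop = ts
            if run["start"]:  # start may lie outside the excerpt
                run["uptime"] = (ts - run["start"]).total_seconds()
    return runs

if __name__ == "__main__":
    for r in lfd_cycles(SAMPLE):
        print(r["pid"], r["signal"], r["uptime"], r["down_before"])
```

On a server, pass the contents of /var/log/lfd.log instead of SAMPLE.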
 

andrew.n

Have you disabled Testing in the first few lines of the /etc/csf/csf.conf file?
 

andrew.n

Are you on a VPS? If yes, do you know what virtualisation? Are you able to attach the log when you start CSF? It's a bit hard to diagnose with only this info :(