CSF Nightmare !!!!

Discussion in 'Security' started by furquan, Aug 22, 2012.

  1. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    Hello all,

    I have been having issues with CSF lately. Although I am a big fan of CSF, I am stuck with an issue.

    I need to DROP all the blocks under CSF, but no matter what I do, I am not able to achieve it.

    I have also gone ahead and deleted the file csf.deny and recreated it, but every time I restart CSF, I can see it showing me all the DROPS and ACCEPT.

    PLEASE SOMEONE, help me drop all the IPs from CSF!!!

    Please!!

    Thank you
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Not sure I follow you. In WHM > Plugins > ConfigServer Security & Firewall, the Firewall Deny IPs button still shows IPs after you've removed them there and restarted the firewall?
     
  3. furquan

    furquan Well-Known Member

    Thank you for replying back, Infopro,

    No, if I click on that button under WHM, the whole file is empty!!

    But when I restart the firewall, I see a lot of DENY entries scrolling in pages!!!

    And I need to remove all the DENY entries!!!

    Please assist!!
     
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    If you have LF_DSHIELD (>0), LF_SPAMHAUS (>0) and/or LF_SPAMHAUS_EXTENDED = 1, you're going to be blocking IPs on those lists even if you don't have any specific blocked entries of your own. That would be one reason for a lot of DENIES when you start CSF if you have an otherwise empty csf.deny file.

    M
     
  5. furquan

    furquan Well-Known Member

    Hello Mtindor,

    Yes, the values for "LF_DSHIELD" and "LF_SPAMHAUS" are set to 86400 and "LF_SPAMHAUS_EXTENDED" is set to 1.

    Please suggest what needs to be done?

    Thank you for replying back!!
     
  6. mtindor

    mtindor Well-Known Member

    The best thing to do is read the instructions regarding those options. If you don't want any IP addresses that are listed at DSHIELD or SPAMHAUS to be blocked, then:

    LF_DSHIELD should be 0
    LF_SPAMHAUS should be 0
    LF_SPAMHAUS_EXTENDED should be 0

    If you set those to 0, none of the IPs on DSHIELD or SPAMHAUS will be denied.

    M
     
  7. furquan

    furquan Well-Known Member

    Ok, got this, but how about dropping all the blocks that are currently listed in the DROP...

    I need to remove all the DROPS, how can I do that?

    Any insight on this will really help me.

    Thank you
     
  8. mtindor

    mtindor Well-Known Member

    csf -f or csf --stop should remove anything blocked. Of course, LFD might restart things back up.

    Are you referring to port blocks or specific IP blocks? If you don't have anything in csf.deny and you don't have DSHIELD / SPAMHAUS blocking active in CSF, you shouldn't have any specific IPs / IP ranges blocked.

    M
     
  9. furquan

    furquan Well-Known Member

    Mtindor,

    The reason I am so frustrated is because I have a client who has many BlackBerry users and none of them are able to access the server using their devices, and hence I think there is something on the server's firewall that is limiting their access, and I believe it is to do with the firewall rules in CSF.

    Can you give me some pointers in this regard too?
     
  10. mtindor

    mtindor Well-Known Member

    I'll PM you. If you're willing to give me some useful information [and not hide your IP, your customers' IP/domain from any log info that I ask of you], I might be able to help.

    Mike
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    WHM > Service Configuration > Mailserver Selection, are you set to use Dovecot here?

    Main >> Service Configuration >> Mailserver Configuration, have you tried tweaking these settings a bit to see if that helps?

    Not sure if any of that is helpful but thought I'd mention all the same. :)
     
  12. furquan

    furquan Well-Known Member

    Mtindor,

    I think I figured it out. The list of DENY IPs belongs to China, as I have enabled CC_DENY for China, and that is the reason I see those bulk China IPs :)

    I am relieved now :d

    Thank you for participating with me in my frustration!!!
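
The diagnosis reached in the posts above, as an added example that is not part of any participant's post: a small script that reads a csf.conf-style file and lists the settings named in this thread (LF_DSHIELD, LF_SPAMHAUS, LF_SPAMHAUS_EXTENDED, CC_DENY) that load deny rules even when csf.deny is empty. The function names, the `KEY = "value"` sample file and the country code `CN` are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): report csf.conf settings that make CSF
# load deny rules even when csf.deny is empty.

# Print the value of KEY = "value" from a csf.conf-style file ($1=file, $2=key).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# List every setting named in the thread that is currently adding block rules.
csf_block_sources() {
    for key in LF_DSHIELD LF_SPAMHAUS LF_SPAMHAUS_EXTENDED; do
        val=$(conf_value "$1" "$key")
        case $val in
            ''|0) ;;                      # unset or 0: this block list is off
            *) echo "$key=$val" ;;
        esac
    done
    val=$(conf_value "$1" CC_DENY)        # empty string: no country blocks
    if [ -n "$val" ]; then echo "CC_DENY=$val"; fi
}

# Constructed sample mirroring the values reported in the thread.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's csf.conf
LF_DSHIELD = "86400"
LF_SPAMHAUS = "86400"
LF_SPAMHAUS_EXTENDED = "1"
CC_DENY = "CN"
CC_ALLOW = ""
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
csf_block_sources "$sample"
rm -f "$sample"
```

On a server, pass the real configuration file (normally /etc/csf/csf.conf) to `csf_block_sources`; an empty result means none of these four settings is adding blocks.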
     
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Yeap, that would be some long list to be sure. :)
     
  14. furquan

    furquan Well-Known Member

    Infopro,

    Can you please let me know what it is that I need to make sure I have enabled for BlackBerry users? This is the main thing that I need to resolve :(

    Please provide any pointers...

    Thank you
     
  15. mtindor

    mtindor Well-Known Member

    You're welcome. Glad you figured it out. I didn't even think to consider the CC_DENY possibility.

    I'm relieved too. I don't like participating in other people's frustration :)

    M
     
  16. furquan

    furquan Well-Known Member

    Hehehe..

    Thank you so much,

    BTW, can you provide me some pointers towards the BlackBerry issue that I am currently facing? This is the reason I was messing around with CSF.

    Any hints on that?

    Thank you
     
  17. mtindor

    mtindor Well-Known Member

    Oh, I thought the denying of China IPs was your problem. Ok, well, I'd have to ask you some questions, and the answers you give you probably don't want to post in public.

    I sent you a PM. If you want to dialog in PM I can attempt to help you.

    Mike
     