Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CSF Nightmare !!!!

Discussion in 'Security' started by furquan, Aug 22, 2012.

  1. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    461
    Likes Received:
    3
    Trophy Points:
    168
    Hello all,

    I have been having issues with CSF lately, although i am a big fan of CSF, But i am stuck with an issue.

    I need to DROP all the blocks under CSF, But no matter what i do, i am not able to achieve it.

    I have also gone ahead and deleted the file csf.deny and recreated it, But every time i restart CSF, i can see it showing me all the DROPS and ACCEPT

    PLEASE SOMEONE, help me dropping all the ips from CSF !!!

    Please !!

    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not sure I follow you, in WHM > Plugins > ConfigServer Security & Firewall, Firewall Deny IPs button still shows IPs after you've removed then there and restarted firewall?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    461
    Likes Received:
    3
    Trophy Points:
    168
    Thank you for replying back Infopro,

    No, if i click on that button under WHM, the whole file is empty !!

    But when i restart firewall, I see a lot of DENY entries scrolling in pages !!!

    And i need to remove all the DENY entries !!!..

    Please assit !!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,342
    Likes Received:
    57
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    If you have LF_DSHIELD (>0) , LF_SPAMHAUS (>0) and/or LF_SPAMHAUS_EXTENDED = 1, you're going to be blocking IPs on those lists even if you don't have any specific blocked entries of your own. That would be one reason for a lot of DENIES when you start CSF if you have an otherwise empty csf.deny file.

    M
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    461
    Likes Received:
    3
    Trophy Points:
    168
    Hello Mtindor,

    Yes, the values for "LF_DSHIELD " "LF_SPAMHAUS" is set to 86400 and "LF_SPAMHAUS_EXTENDED " is set to 1

    Please suggest, what needs to be done ?

    Thank you for replying back !!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,342
    Likes Received:
    57
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    The best thing to do is read the instructions regarding those options. If you don't want any IP addresses that are listed at DSHIELD or SPAMHAUS to be blocked, then:

    LF_DSHIELD should be 0
    LF_SPAMHAUS should be 0
    LF_SPAMHAUS_EXTENDED should be 0

    If you set those to 0, none of the IPs on DSHIELD or SPAMHAUS will be denied.

    M
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    461
    Likes Received:
    3
    Trophy Points:
    168
    Ok, got this, But how about dropping all the blocks that are currently listed in the DROP ....

    I need to remove all the DROPS, how can i do do that ?

    any insight on this will really help me..

    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,342
    Likes Received:
    57
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    csf -f or csf --stop should remove anything blocked. Of course, LFD might restart things back up.

    Are you referring to port blocks or specific IP blocks? If you don't have anything in csf.deny and you don't have DSHIELD / SPAMHAUS blocking active in CSF, you shouldn't have any specific IPs / IP ranges blocked.

    M
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    461
    Likes Received:
    3
    Trophy Points:
    168
    Mtindor,

    The reason i am so frustrated is because i have a client who has many BlacbBerry users and none of them are able to access the server using their devices and hence i think there is something on the server's firewall that is limiting their access and i believe it is to do with the firewall rules in CSF.

    Can you give me some pointers in this regards too ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,342
    Likes Received:
    57
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I'll PM you. If you're willing to give me some useful information [and not hide your IP, your customers' IP/domain from any log info that I ask of you], I might be able to help.

    Mike
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    WHM > Service Configuration > Mailserver Selection, are you set to use Dovecot here?

    Main >> Service Configuration >> Mailserver Configuration, have you tried tweaking these settings a bit to see if that helps?

    Not sure if any of that is helpful but thought I'd mention all the same. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    461
    Likes Received:
    3
    Trophy Points:
    168
    Mtindor,

    I think i figured it out, the list of DENY IP's belong to china as i have enabled CC_DENY for china and that is the reason i see a those bulk china ip's :)

    I am relived now :d

    Thank you for participating with me in my frustration !!!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yeap, that would be some long list to be sure. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    461
    Likes Received:
    3
    Trophy Points:
    168
    Infopro,

    Can you please let me know what is it that i need to make sure i have enabled for BlackBerry users ? as this is what is the main thing that i need to resolve :(

    Please provide any pointers...

    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,342
    Likes Received:
    57
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You're welcome. Glad you figured it out. I didn't even think to consider the CC_DENY possibility.

    I'm relieved too. I don't like participating in other peoples' frustration :)

    M
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    461
    Likes Received:
    3
    Trophy Points:
    168
    hehehe..

    Thank you so much,

    BTW, can you provide me some pointers towards the blackberry issue that i am currently facing and this is the reason i was messing around with CSF ?

    any hints on that ?

    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,342
    Likes Received:
    57
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Oh, I thought the denying of China IPs was your problem. Ok, well, I'd have to ask you some questions, and the answers you give you probably don't want to post in public.

    I sent you a PM. If you want to dialog in PM I can attempt to help you.

    Mike
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice