Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Firewalls keep getting turned off

Discussion in 'General Discussion' started by cannon303, Aug 12, 2017.

Tags:
  1. cannon303

    cannon303 Registered

    Joined:
    Aug 12, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    hull
    cPanel Access Level:
    Root Administrator
    Hi I'm new to this forum so hope i'm posting in the right place. I have a dedicated server with WHM and all accounts have cpanel. It is managed hosting. Lately I have found that a number of accounts have experienced high level of email spam and noticed that cphulk, csf firewalls and spamassassin were all turned off. I havent turned them off so I made sure everything was enabled back the way I want it only to find later that cphulk, csf and spamassassin were all turned off again. This has happened 3 times now in the last 3 weeks. I have changed all passwords but to no avail. Can anyone tell me why all my security facilities keep getting disabled? Is there any bugs that have been reported? My tech support say they haven't changed any settings so who or what could be doing this?

    Thanks for your help!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,372
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you notice any entries in the /root/.bash_history file or in /usr/local/cpanel/logs/access_log that suggests the firewall was manually disabled by someone with root access to the system?

    Thank you.
     
  3. cannon303

    cannon303 Registered

    Joined:
    Aug 12, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    hull
    cPanel Access Level:
    Root Administrator
    Hi thanks for your reply, I'm on managed hosting and have queried this and my tech support said that logs were not recording during this period. They have since enabled access logs. I have seen access logs before so no idea why they would be switched off. Can they be switched off? Sounds strange to me.
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    301
    Likes Received:
    88
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    v66.0.18

    There really should be nothing that deliberately switches off the csf/firewall process.

    In case the issue is a technical one (eg the process is/are being killed due to lack of memory etc) go to.....
    WHM >> Service Configuration >> Service Manager
    ......and ensure that lfd, cPHulk Daemon and Apache SpamAssassin is checked in Enabled and Monitor boxes, and that tailwatchd is enabled.

    At least the system will monitor and alert you if a process dies, is killed or has been disabled, and will attempt to restart it.

    This is not a substitute for ascertaining what is killing the process in the first place. Be vigilant of your log files as suggested by cPanelMichael for any clues.
     
    cPanelMichael likes this.
Loading...

Share This Page