looking for advice on security/CSF

[Mielsvs]

I hope this is the right place for a request like this.

We're looking for some advice on how to tune our csf configuration to our needs. We are running our own VPS on CentOS using cPanel.

We're not a commercial business (we run a forum). There is a budget, but it is quite limited.

Specific reason atm: We're having a hard time getting FTPS to work flawlessly and besides we're experiencing regular false positives on modsec. Though this might be the reason of my request, we would like a broader review review of security.

Is there anybody who can help us out, or does anybody have an idea on how to obtain (trustworthy) advice?

I have already approached the people behind CSF, but they don't offer such a service. Their forums aren't as active as cPanel's, so that's why I'm asking here.

 

[cPanelMichael]

Hello

Could you provide some more information on exact part of it's configuration you are attempting to tune? For instance, what issues are you having with FTPS that you feel might be related to CSF?

Thank you.

 

[Mielsvs]

when transferring a folder via ftps errors like this one occur:

< 2014-05-26 09:32:30.937 150 Accepted data connection
. 2014-05-26 09:32:30.947 SSL connection established
. 2014-05-26 09:32:30.956 Disconnected from server
. 2014-05-26 09:32:30.956 Copying files to remote side failed.
. 2014-05-26 09:32:30.956 Connection was lost, asking what to do.
. 2014-05-26 09:32:30.956 Asking user:
. 2014-05-26 09:32:30.956 Lost connection. ("type=cdir;sizd=4096;modify=20140520214257;UNIX.mode=(...)","Disconnected from server","Copying files to remote side failed.","Accepted data connection")


> 2014-05-26 09:32:49.093 TYPE A
< 2014-05-26 09:32:49.102 200 TYPE is now ASCII
> 2014-05-26 09:32:49.102 PASV
. 2014-05-26 09:32:49.111 Disconnected from server
. 2014-05-26 09:32:49.111 Copying files to remote side failed.
. 2014-05-26 09:32:49.111 Connection was lost, asking what to do.
. 2014-05-26 09:32:49.111 Asking user:
. 2014-05-26 09:32:49.111 Lost connection. ("Disconnected from server","Copying files to remote side failed.","TYPE is now ASCII")


> 2014-05-26 09:33:05.921 CWD /onderhoud/deleteme/admin/applications/core/setup/versions/upg_22007/
. 2014-05-26 09:33:05.940 Disconnected from server
. 2014-05-26 09:33:05.940 Copying files to remote side failed.
. 2014-05-26 09:33:05.940 Connection was lost, asking what to do.
. 2014-05-26 09:33:05.940 Asking user:
. 2014-05-26 09:33:05.940 Lost connection. ("Disconnected from server","Copying files to remote side failed.")

When sending same folder over SFTP (with different user) it's all fine.

besides this ModSecurity is blocking some IP's on a daily basis, we're uncertain if this is justified though.

In general I'm configuring CSF for the first time. I'm sure there are some good practices you will learn over time, so we're missing out on those for now. Some assistence of a more experienced person could solve this.