Good evening!
Last night I tuned up CSF/LFD a little, in the hopes of further deflecting a small bit of failed relay attempts. While my adjustments successfully halted the activity, I began receiving an email every 10 minutes indicating that an I.P. belonging to my home-office computer was banned yet I was able to move around all areas without failure.
I have added my /29 to csf.ignore and verified that the IGNORE_ALLOW value in the csf.conf is set as enabled. The IP in question was added to the allow file through WHM ages ago (I tried adding it and received a message that it had been listed previously). I've also restarted LFD a time or two following this addition to be on the safe side. The false-positive emails are still rolling in, and I'm connected and working in SSH, WHM, FTP, Apache, and Exim.
I find this perplexing since I was in my business office all day, using a system with a static IP that's also set in the csf.allow, and received no instances of this email whatsoever. I came home to work a bit more and these began to roll in. I think we're up to about 15 of them, now.
Side note: I did switch update tiers from CURRENT to RELEASE this evening, and ran a upcp --force as I do whenever I change anything update-related.
This is an OpenVZ container residing on one of my SolusVM slaves. I've emailed one of my clients running in an almost identical configuration on the same slave to see if he can replicate the issue based on the tweaks I made.
Should I involve the folks at ConfigServer/Way To The Web? Is this worthy of opening a cPanel support ticket, perhaps? Has such an issue been reported in the past?
I've been extremely busy and have an overnight deployment beginning soon, so my Google searches and skims through the ConfigServer forums have been brief, so far.
If anyone's seen this before I'd love to know if I missed a setting or if this is happening to someone besides me. Otherwise I'll just roll back and start again.
Thanks for listenin'
John
cPU #ycng-050617