Knowledge Base

CSF Configuration

cPGuard provides an interface to modify few of your CSF settings in an easy way. We have carefully selected the options to modify using the interface based on our of view and user feedback. If you want to add more options to the interface please contact our Support Department and we will review the request.

Short description of each configuration included in the CSF Configuration editor interface is given below.

LF_SCRIPT_ALERT

This setting will then send an alert email if more than LF_SCRIPT_LIMIT lines appear with the same cwd= path in them within an hour. This can be useful in identifying spamming scripts on a server, especially PHP scripts running under the nobody account. The email that is sent includes the exim log lines and also attempts to find scripts that send email in the path that may be the culprit

LF_SCRIPT_ACTION

The action script that executes when LF_SCRIPT_LIMIT exceeds. You can enable/disable this feature

LF_SSH_EMAIL_ALERT

Send an email alert if anyone logs in successfully using SSH

LF_CPANEL_ALERT

Send an email alert if anyone accesses WHM/cPanel via an account listed in LF_CPANEL_ALERT_USERS. An IP address will be reported again 1 hour after the last tracked access (or if lfd is restarted)

LF_CPANEL_ALERT_USERS

This is a comma separated list of accounts to send alerts for. To send an alert for all accounts set this to "all"

RT_LOCALHOSTRELAY_ALERT

This option triggers for email sent via local IP addresses

RT_LOCALHOSTRELAY_LIMIT

Email threshold count for RT_LOCALHOSTRELAY_ALERT

SYNFLOOD CONFIGURATION

Enable SYN Flood Protection. This option configures iptables to offer some protection from tcp SYN packet DOS attempts. You should set the RATE so that false-positives are kept to a minimum otherwise visitors may see connection issues (check /var/log/messages for *SYNFLOOD Blocked*). See the iptables man page for the correct --limit rate syntax

# Note: This option should ONLY be enabled if you know you are under a SYN flood attack as it will slow down all new connections from any IP address to the server if triggered

CC_DENY

Deny connections from the listed countries

CC_ALLOW

Allow connections from the listed countries. # WARNING: CC_ALLOW allows access through all ports in the firewall.

Please rate this article to help us improve our Knowledge Base.

0 0