CSF CSF Firewall block wordpress?

Discussion in 'Other Centmin Mod Installed software' started by Jon Snow, Oct 11, 2023.

  1. Jon Snow

    Jon Snow Active Member

    738
    152
    43
    Jun 30, 2017
    Ratings:
    +217
    Local Time:
    2:20 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    Btw @eva2000 each time I update Wordpress through WP Admin, I get temp blocked by CSF using the rules I found from you here - https://pastebin.com/JJjXmbx5

    Is it because of this?
    Code (Text):
    # setup extended CSF Firewall blocklists https://community.centminmod.com/posts/50060
    /usr/local/src/centminmod/tools/csf-advancetweaks.sh
    

    Or the 2nd part?


    It's strange because I'm not even logging in and failing to log in. I'm already logged into WP Admin.
     
  2. eva2000

    eva2000 Administrator Staff Member

    52,186
    11,998
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,501
    Local Time:
    3:20 PM
    Nginx 1.25.x
    MariaDB 10.x
    Easy to confirm, revert the changes and see if it still happens
     
  3. Jon Snow

    Jon Snow Active Member

    This is what I found (my IP):
    Code (Text):
    Oct 10 21:15:13 li lfd[11407]: (nginx_444) Nginx 444 xxx.xxx.xxx.xxx (Country-Code/-): 5 in the last 3600 secs - *Blocked in csf* for 86400 secs [LF_CUSTOMTRIGGER]
     
  4. eva2000

    eva2000 Administrator Staff Member

    LF_CUSTOMTRIGGER yup it's related, I'd revert the change
     
  5. Jon Snow

    Jon Snow Active Member

    So just change it back to:

    Code (Text):
    CUSTOM1_LOG = "/var/log/customlog"
    CUSTOM2_LOG = "/var/log/customlog"
    CUSTOM3_LOG = "/var/log/customlog"
    CUSTOM4_LOG = "/var/log/customlog"

    And restart CSF?
     
  6. eva2000

    eva2000 Administrator Staff Member

  7. Jon Snow

    Jon Snow Active Member

    Yea I know (that's the 2nd part of the pastebin)

    I deleted regex.custom.pm and renamed regex.custom.pm.bak to regex.custom.pm.

    I had already done this:
    And restarted CSF again.

    Is that all?

    I couldn't find a backup-b4-customregex.
     
  8. eva2000

    eva2000 Administrator Staff Member

    should be listed from command
    Code (Text):
    csf --profile list
    


    otherwise, manually changing CUSTOMx_LOG variables back should suffice after renaming regex.custom.pm.bak to regex.custom.pm
     
  9. Jon Snow

    Jon Snow Active Member

    This is what I did. So I think I'm good.

    How would I unban my IP? csf -dr doesn't work.
     
  10. eva2000

    eva2000 Administrator Staff Member

    is it a permanent ban or temp ban?

    permanent ban removal
    Code (Text):
    csf -dr yourip

    temp ban removal
    Code (Text):
    csf -tr yourip

    see csf help command
    Code (Text):
    csf -h
    csf: v14.20 (generic)
    csf(1)                                                       General Commands Manual    csf(1)
    
    NAME
           csf - ConfigServer & Security Firewall
    
    SYNOPSIS
           csf [OPTIONS]
    
    DESCRIPTION
           This   manual   documents   the  csf  command  line  options  for  the  ConfigServer  & Security  Firewall.  See  /etc/csf/csf.conf  and
           /etc/csf/readme.txt for more detailed information on how to use and configure this application.
    
    OPTIONS
           -h,  --help
                  Show this message
    
           -l,  --status
                  List/Show the IPv4 iptables configuration
    
           -l6, --status6
                  List/Show the IPv6 ip6tables configuration
    
           -s,  --start
                  Start the firewall rules
    
           -f,  --stop
                  Flush/Stop firewall rules (Note: lfd may restart csf)
    
           -r,  --restart
                  Restart firewall rules (csf)
    
           -q,  --startq
                  Quick restart (csf restarted by lfd)
    
           -sf, --startf
                  Force CLI restart regardless of LFDSTART setting
    
           -ra, --restartall
                  Restart firewall rules (csf) and then restart lfd daemon. Both csf and then lfd should be restarted after making any  changes  to
                  the configuration files
    
           --lfd [stop|start|restart|status]
                  Actions to take with the lfd daemon
    
           -a,  --add ip [comment]
                  Allow an IP and add to /etc/csf/csf.allow
    
           -ar, --addrm ip
                  Remove an IP from /etc/csf/csf.allow and delete rule
    
           -d,  --deny ip [comment]
                  Deny an IP and add to /etc/csf/csf.deny
    
           -dr, --denyrm ip
                  Unblock an IP and remove from /etc/csf/csf.deny
    
           -df, --denyf
                  Remove and unblock all entries in /etc/csf/csf.deny
    
           -g,  --grep ip
                  Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)
    
           -i,  --iplookup ip
                  Lookup IP address geographical information using CC_LOOKUPS setting in /etc/csf/csf.conf
    
           -t,  --temp
                  Displays the current list of temporary allow and deny IP entries with their TTL and comment
    
           -tr, --temprm ip
                  Remove an IP from the temporary IP ban or allow list
    
           -trd, --temprmd ip
                  Remove an IP from the temporary IP ban list only
    
           -tra, --temprma ip
                  Remove an IP from the temporary IP allow list only
    
           -td, --tempdeny ip ttl [-p port] [-d direction] [comment]
                  Add  an  IP  to the temp IP ban list. ttl is how long to blocks for (default:seconds, can use one suffix of h/m/d). Optional port.
                  Optional direction of block can be one of: in, out or inout (default:in)
    
           -ta, --tempallow ip ttl [-p port] [-d direction] [comment]
                  Add an IP to the temp IP allow list (default:inout)
    
           -tf, --tempf
                  Flush all IPs from the temporary IP entries
    
           -cp, --cping
                  PING all members in an lfd Cluster
    
           -cg, --cgrep ip
                  Requests the --grep output for IP from each member in an lfd Cluster
    
           -cd, --cdeny ip [comment]
                  Deny an IP in a Cluster and add to each remote /etc/csf/csf.deny
    
           -ctd, --ctempdeny ip ttl [-p port] [-d direction] [comment]
                  Add an IP in a Cluster to the temp IP ban list (default:in)
    
           -cr, --crm ip
                  Unblock an IP in a Cluster and remove from each remote /etc/csf/csf.deny and temporary list
    
           -ca, --callow ip [comment]
                  Allow an IP in a Cluster and add to each remote /etc/csf/csf.allow
    
           -cta, --ctempallow ip ttl [-p port] [-d direction] [comment]
                  Add an IP in a Cluster to the temp IP allow list (default:in)
    
           -car, --carm ip
                  Remove allowed IP in a Cluster and remove from each remote /etc/csf/csf.allow and temporary list
    
           -ci, --cignore ip [comment]
                  Ignore an IP in a Cluster and add to each remote /etc/csf/csf.ignore. Note: This will result in lfd being restarted
    
           -cir, --cirm ip
                  Remove ignored IP in a Cluster and remove from each remote /etc/csf/csf.ignore. Note: This will result in lfd being restarted
    
           -cc, --cconfig [name] [value]
                  Change configuration option [name] to [value] in a Cluster
    
           -cf, --cfile [file]
                  Send [file] in a Cluster to /etc/csf/
    
           -crs, --crestart
                  Cluster restart csf and lfd
    
           --trace [add|remove] ip
                  Log SYN packets for an IP across iptables chains. Note, this can create a LOT  of         logging  information  in  /var/log/messages  so
                  should  only  be  used for a short period of time. This option requires the iptables TRACE module and access to the raw PREROUTING
                  chain to function
    
           -m,  --mail [email]
                  Display Server Check in HTML or email to [email] if present
    
           --rbl [email]
                  Process and display RBL Check in HTML or email to [email] if present
    
           -lr, --logrun
                  Initiate Log Scanner report via lfd
    
           -p, --ports
                  View ports on the server that have a running process behind them listening for external connections
    
           --graphs [graph type] [directory]
                  Generate System Statistics html pages and images for a given graph type into a given directory. See ST_SYSTEM for requirements
    
           --profile [command] [profile|backup] [profile|backup]
                  Configuration profile functions for /etc/csf/csf.conf
                  You can create your own profiles using the examples provided in /usr/local/csf/profiles/
                  The profile reset_to_defaults.conf is a special case and will always be the latest default csf.conf
    
                  list
                  Lists available profiles and backups
    
                  apply [profile]
                  Modify csf.conf with Configuration Profile
    
                  backup "name"
                  Create Configuration Backup with optional "name" stored in /var/lib/csf/backup/
    
                  restore [backup]
                  Restore a Configuration Backup
    
                  keep [num]
                  Remove old Configuration Backups and keep the latest [num]
    
                  diff [profile|backup] [profile|backup]
                  Report differences between Configuration Profiles or Configuration Backups, only specify one [profile|backup] to compare  to  the
                  current Configuration
    
           --mregen
                  MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration. This will also gracefully restart httpd
    
           --cloudflare [command]
                  Commands for interacting with the CloudFlare firewall. See /etc/csf/readme.txt and CF_ENABLE for more detailed information
    
                  Note:  target  can  be  one of: An IP address; 2 letter Country Code; IP range CIDR. Only Enterprise customers can block a Country
                  Code, but all can allow and challenge. IP range CIDR is limited to /16 and /24
    
                  list [all|block|challenge|whitelist] [user1,user2,domain1...]
                  List specified type of CloudFlare Firewall rules for comma separated list of users/domains
    
                  add [block|challenge|whitelist] target [user1,user2,domain1...]
                  Add CloudFlare Firewall rule action for target for comma separated list of users/domains only
    
                  del target [user1,user2,domain1...]
                  Delete CloudFlare Firewall rule for target for comma separated list of users/domains only
    
                  tempadd [allow|deny] ip [user1,user2,domain1...]
                  Add a temporary block for CF_TEMP seconds to both csf and the CloudFlareFirewall  rule   for  ip  for  comma  separated  list  of
                  users/domains as well as any user set to "any"
    
           -c,  --check
                  Check for updates to csf but do not upgrade
    
           -u,  --update
                  Check for updates to csf and upgrade if available
    
           -uf    Force an update of csf whether and upgrade is required or not
    
           -x,  --disable
                  Disable csf and lfd completely
    
           -e,  --enable
                  Enable csf and lfd if previously disabled
    
           -v,  --version
                  Show csf version
    
    FILES
           /etc/csf/csf.conf
                  The system wide configuration file
           /etc/csf/readme.txt
                  Detailed information about csf and lfd
    
    BUGS
           Report bugs on the forums at http://forum.configserver.com
    
    AUTHOR
           (c)2006-2023, Way to the Web Limited (http://www.configserver.com)
    
                                                                                            csf(1)
     
  11. Jon Snow

    Jon Snow Active Member

    Temp. csf -tr worked.

    I always thought csf -dr took care of both.

    Would be helpful to others if you include it here - https://centminmod.com/csf_firewall.html
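
Added example (not part of the thread, and not Centmin Mod or CSF code): the lfd line in post 3 carries `for 86400 secs`, i.e. a temporary block, which is why `csf -tr` cleared it and `csf -dr` did not. This sketch reads lfd log lines and prints the matching removal command; the sample lines and IPs are constructed, and the permanent-block line format (no `for N secs`) is an assumption about lfd's output.

```shell
#!/bin/sh
# Constructed sample lfd log lines (documentation IPs, not real hosts).
# Line 1 mirrors the temp block from the thread; line 2 is an ASSUMED
# permanent-block format: same text without the "for N secs" part.
SAMPLE_LOG='Oct 10 21:15:13 li lfd[11407]: (nginx_444) Nginx 444 203.0.113.7 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* for 86400 secs [LF_CUSTOMTRIGGER]
Oct 10 22:01:40 li lfd[11407]: (sshd) Failed SSH login from 198.51.100.9 (DE/Germany/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]'

# classify_block LOGTEXT IP
# Prints "temp|perm TRIGGER SECS" for the most recent block of IP,
# or nothing if lfd logged no block for it.
classify_block() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        index($0, "*Blocked in csf*") == 0 { next }
        {
            # Match the IP as a whole field so 203.0.113.7 != 203.0.113.77
            found = 0
            for (i = 1; i <= NF; i++) if ($i == ip) found = 1
            if (!found) next
            trig = $NF
            gsub(/\[|\]/, "", trig)          # "[LF_SSHD]" -> "LF_SSHD"
            if (match($0, /\*Blocked in csf\* for [0-9]+ secs/)) {
                n = split(substr($0, RSTART, RLENGTH), parts, " ")
                kind = "temp"; secs = parts[n - 1]
            } else {
                kind = "perm"; secs = "-"
            }
        }
        END { if (kind != "") print kind, trig, secs }'
}

# unblock_command LOGTEXT IP
# Prints the csf command that removes that kind of block (does not run it).
unblock_command() {
    case "$(classify_block "$1" "$2")" in
        temp*) echo "csf -tr $2" ;;
        perm*) echo "csf -dr $2" ;;
        *)     echo "no lfd block logged for $2"; return 1 ;;
    esac
}

# Demo on the constructed sample; on a server, pass the contents of the
# lfd log instead, e.g. "$(cat /var/log/lfd.log)".
unblock_command "$SAMPLE_LOG" 203.0.113.7
```

A temporary block may already have expired by the time the log is read; `csf -t` from the help output above lists the entries that are still active.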