
CSF Firewall info

Discussion in 'Other Centmin Mod Installed software' started by eva2000, May 25, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    29,743
    6,719
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,031
    Local Time:
    9:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    CSF Firewall page is located at CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS.

    What is CSF Firewall?
    CSF Firewall is a suite of scripts which provide firewall security with Stateful Packet Inspection and Login Intrusion detection. All documentation is linked below. CSF also has GUI Web Interface Integration for cPanel, DirectAdmin and Webmin. However, for Centmin Mod installs, CSF is non-GUI based.

    CSF Firewall is a default installed item as at Centmin Mod v1.2.3+ when default unattended install mode is used. If you disable unattended mode, CSF Firewall becomes an optional install item. With unattended mode disabled, on first initial Centmin Mod install, you will be prompted as to whether or not you want to install CSF Firewall. I highly recommend that CSF Firewall is installed on your CentOS server.

    CSF Firewall interfaces with iptables and makes it much easier to manage compared to iptables (see CSF Documentation Links below). The main CSF Firewall config file is located at /etc/csf/csf.conf where you can also define which TCP and UDP ports to allow IN or OUT of the server.

    Whitelisted Ports

    I posted a sticky in Centmin Mod Insights forum for a full listing of CSF whitelisted ports and what they are for at Centmin Mod LEMP stack CSF Firewall default port listing | Centmin Mod Community

    Whitelist allowing IPs

    CSF Firewall can allow or whitelist IP addresses using SSH telnet and the command below, where xxx.xxx.xxx.xxx is the IP address:
    Code:
    csf -a xxx.xxx.xxx.xxx
    
    You can also add comments to whitelist entries
    Code:
    csf -a xxx.xxx.xxx.xxx comment
    
    If you have problems using SCP, SFTP, rsync, or other commands trying to connect to or from a remote server to your Centmin Mod server, you will need to whitelist the remote server's IP address as per the above command. A common situation would be connecting to a remote MySQL server, where you need to whitelist the remote MySQL server's IP address as well as edit /etc/csf/csf.conf to add the default MySQL port 3306 to TCP_OUT. Then restart the CSF firewall service.

    If you use third party SMTP services, you also need to add the appropriate ports to the TCP_OUT listing within /etc/csf/csf.conf. Then restart the CSF firewall service.

    If you use monitoring services such as Pingdom.com or NodePing.com, you will need to whitelist the remote server's IP address as per above command.

    For NodePing.com, these are the IP addresses and commands that need to be run:
    Code:
    csf -a 173.255.243.111 pinghostca.nodeping.com
    csf -a 204.11.60.100 pinghosttx.nodeping.com
    csf -a 192.30.32.170 pinghostga.nodeping.com
    csf -a 108.61.56.241 pinghostnj.nodeping.com
    csf -a 89.32.145.126 pinghostld.nodeping.com
    csf -a 46.249.33.15 pinghostnl.nodeping.com
    csf -a 78.47.40.108 pinghostde.nodeping.com
    csf -a 89.45.249.16 pinghostro.nodeping.com
    
    For MailChimp.com to whitelist their listed IPs:
    Code:
    csf -a 72.26.195.64/27 mailchimp
    csf -a 74.63.47.96/27 mailchimp
    csf -a 173.231.138.192/27 mailchimp
    csf -a 173.231.139.0/24 mailchimp
    csf -a 173.231.176.0/21 mailchimp
    csf -a 173.231.184.0/21 mailchimp
    csf -a 205.201.128.0/20 mailchimp
    csf -a 198.2.128.0/18 mailchimp
    
    For Newrelic users, whitelist the following IPs:
    Code:
    csf -a 54.248.250.232 newrelic
    csf -a 54.251.34.67 newrelic
    csf -a 50.31.164.139 newrelic
    csf -a 184.73.237.85 newrelic
    csf -a 50.112.95.211 newrelic
    csf -a 54.247.188.179 newrelic
    csf -a 50.18.57.7 newrelic
    csf -a 177.71.245.207 newrelic
    csf -a 50.31.164.0/24 newrelic
    
    For CloudFlare IP addresses, the full list of IPs is available at CloudFlare IP Ranges | CloudFlare | The web performance & security company and How do I whitelist CloudFlare's IPs in .htaccess? – CloudFlare Support. Check the link regularly for updated IPs.

    (IPv4)
    Code:
    csf -a 199.27.128.0/21 cloudflare
    csf -a 173.245.48.0/20 cloudflare
    csf -a 103.21.244.0/22 cloudflare
    csf -a 103.22.200.0/22 cloudflare
    csf -a 103.31.4.0/22 cloudflare
    csf -a 141.101.64.0/18 cloudflare
    csf -a 108.162.192.0/18 cloudflare
    csf -a 190.93.240.0/20 cloudflare
    csf -a 188.114.96.0/20 cloudflare
    csf -a 197.234.240.0/22 cloudflare
    csf -a 198.41.128.0/17 cloudflare
    csf -a 162.158.0.0/15 cloudflare
    csf -a 104.16.0.0/12 cloudflare
    
    (IPv6)
    Code:
    csf -a 2400:cb00::/32 cloudflare
    csf -a 2606:4700::/32 cloudflare
    csf -a 2803:f800::/32 cloudflare
    csf -a 2405:b500::/32 cloudflare
    csf -a 2405:8100::/32 cloudflare
    
    For Incapsula IP addresses, the full list of IPs is available at Restricting direct access to your website (Incapsula's IP addresses) – Incapsula Support. Check the link regularly for updated IPs.
    Code:
    csf -a 199.83.128.0/21 incapsula
    csf -a 198.143.32.0/19 incapsula
    csf -a 149.126.72.0/21 incapsula
    csf -a 103.28.248.0/22 incapsula
    csf -a 185.11.124.0/22 incapsula
    csf -a 192.230.64.0/18 incapsula
    
    Or you can edit allow list at /etc/csf/csf.allow. Contents of example csf.allow file
    Code:
    ###############################################################################
    # Copyright 2006-2013, Way to the Web Limited
    # URL: http://www.configserver.com
    # Email: sales@waytotheweb.com
    ###############################################################################
    # The following IP addresses will be allowed through iptables.
    # One IP address per line.
    # CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24).
    # Only list IP addresses, not domain names (they will be ignored)
    #
    # Advanced port+ip filtering allowed with the following format
    # tcp/udp|in/out|s/d=port|s/d=ip
    # See readme.txt for more information
    #
    # Note: IP addressess listed in this file will NOT be ignored by lfd, so they
    # can still be blocked. If you do not want lfd to block an IP address you must
    # add it to csf.ignore
    
    173.255.243.111 # pinghostca.nodeping.com - Thu Jul 25 22:56:44 2013
    204.11.60.100 # pinghosttx.nodeping.com - Thu Jul 25 22:56:44 2013
    192.30.32.170 # pinghostga.nodeping.com - Thu Jul 25 22:56:44 2013
    108.61.56.241 # pinghostnj.nodeping.com - Thu Jul 25 22:56:44 2013
    89.32.145.126 # pinghostld.nodeping.com - Thu Jul 25 22:56:45 2013
    46.249.33.15 # pinghostnl.nodeping.com - Thu Jul 25 22:56:45 2013
    78.47.40.108 # pinghostde.nodeping.com - Thu Jul 25 22:56:45 2013
    89.45.249.16 # pinghostro.nodeping.com - Thu Jul 25 22:56:45 2013
    
    Deny banning IPs

    CSF Firewall can ban or deny IP addresses using SSH telnet and the command below, where xxx.xxx.xxx.xxx is the IP address:
    Code:
    csf -d xxx.xxx.xxx.xxx
    
    Or you can edit allow list at /etc/csf/csf.deny

    How to update CSF Firewall?
    CSF Firewall by default auto updates itself on Centmin Mod installs. You can manually update CSF Firewall via the command below:
    Code:
    csf -u
    
    Restarting CSF Firewall?
    CSF Firewall can be restarted via the command below which will output all the iptable rules set etc which is normal:
    Code:
    csf -r
    
    Login Failure Daemon (lfd)
    CSF isn't just a firewall but includes a Login Failure Daemon (lfd). Straight from CSF readme file:

    To complement the ConfigServer Firewall, we have developed a daemon process that runs all the time and periodically (every X seconds) scans the latest log file entries for login attempts against your server that continually fail within a short period of time.

    Such attempts are often called "Brute-force attacks" and the daemon process responds very quickly to such patterns and blocks offending IP's quickly. Other similar products run every x minutes via cron and as such often miss break-in attempts until after they've finished, our daemon eliminates such long waits and makes it much more effective at performing its task.

    There are an array of extensive checks that lfd can perform to help alert the server administrator of changes to the server, potential problems and possible compromises.

    Login Failure Daemon (lfd) Principles
    One of the best ways to protect the server from inbound attack against network daemons is to monitor their authentication logs. Invalid login attempts which happen in a short space of time from the same source can often mean someone is attempting to brute-force their way into the server, usually by guessing usernames and passwords and therefore generating authentication and login failures.

    lfd can monitor the most commonly abused protocols, SSHD, POP3, IMAP, FTP and HTTP password protection. Unlike other applications, lfd is a daemon process that monitors logs continuously and so can react within seconds of detecting such attempts. It also monitors across protocols, so if attempts are made on different protocols in a short space of time, all those attempts will be counted against the threshold.

    Once the number of failed login attempts is reached, lfd immediately forks a sub-process and uses csf to block the offending IP address from both in and outgoing connections. Stopping the attack in its tracks in a quick and timely manner. Other applications that use cron job timings to run usually completely miss brute force attacks as they run usually every 5 minutes or by which time the attack could be over, or simply biding its time. In the meantime lfd will have blocked the offender's IP address.

    By running the block and alert email actions in a sub-process, the main daemon can continue monitoring the logs without delay.

    If you want to know when lfd blocks an IP address you can enable the email alert (which is on by default) and you should watch the log file in /var/log/lfd.log. If you use logcheck, you can add it to your log monitoring by editing logcheck.sh and adding the line:
    Code:
    $LOGTAIL /var/log/lfd.log >> $TMPDIR/check.$$
    
    CSF Documentation Links
     
    Last edited: Jan 12, 2016
    • Like Like x 2
  2. eva2000

    FYI, the linked readme.txt above has more detailed info including finer grain control of specific ports and ip addresses

    10. Advanced Allow/Deny Filters
    ###############################

    In /etc/csf.allow and /etc/csf.deny you can add more complex port and ip
    filters using the following format (you must specify a port AND an IP address):

    tcp/udp|in/out|s/d=port|s/d=ip|u=uid

    Broken down:

    tcp/udp : EITHER tcp OR udp OR icmp protocol
    in/out : EITHER incoming OR outgoing connections
    s/d=port : EITHER source OR destination port number (or ICMP type)
    (use a _ for a port range, e.g. 2000_3000)
    s/d=ip : EITHER source OR destination IP address
    u/g=UID : EITHER UID or GID of source packet, implies outgoing connections,
    s/d=IP value is ignored

    Note: ICMP filtering uses the "port" for s/d=port to set the ICMP type.
    Whether you use s or d is not relevant as either simply uses the iptables
    --icmp-type option. Use "iptables -p icmp -h" for a list of valid ICMP types.

    Only one type per filter is supported

    Examples:

    # TCP connections inbound to port 3306 from IP 11.22.33.44
    Code:
    tcp|in|d=3306|s=11.22.33.44
    
    # TCP connections outbound to port 22 on IP 11.22.33.44
    Code:
    tcp|out|d=22|d=11.22.33.44
    
    Note: If omitted, the default protocol is set to "tcp", the default connection
    direction is set to "in", so:

    # TCP connections inbound to port 22 from IP 44.33.22.11
    Code:
    d=22|s=44.33.22.11
    
    # TCP connections outbound to port 80 from UID 99
    Code:
    tcp|out|d=80||u=99
    
    # ICMP connections inbound for type ping from 44.33.22.11
    Code:
    icmp|in|d=ping|s=44.33.22.11
    
    # TCP connections inbound to port 22 from Dynamic DNS address
    # www.configserver.com (for use in csf.dyndns only)
    Code:
    tcp|in|d=22|s=www.configserver.com
    
     
    • Informative Informative x 1
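
A lint check for the advanced filter format quoted in the post above, as an added example that is not part of the original post or of CSF itself. The function names `is_port` and `csf_filter_lint` are hypothetical, and the numeric-only check on `u=`/`g=` values is an assumption.

```shell
#!/bin/sh
# Added example: lint one CSF advanced filter line of the form
#   tcp/udp|in/out|s/d=port|s/d=ip|u=uid
# Prints "proto dir port ip owner" ("-" = not set); exits non-zero on error.

# True if $1 is a decimal port number in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

csf_filter_lint() (
    proto=tcp dir=in port= ip= owner=    # readme defaults: tcp, in
    set -f                               # no globbing while splitting
    IFS='|'
    set -- $1
    unset IFS
    for f in "$@"; do
        case $f in
            '')           ;;             # empty slot, as in d=80||u=99
            tcp|udp|icmp) proto=$f ;;
            in|out)       dir=$f ;;
            [ug]=?*)      owner=$f ;;
            [sd]=?*)      # first s/d field is the port, second the address
                          if [ -z "$port" ]; then port=$f
                          elif [ -z "$ip" ]; then ip=$f
                          else echo "extra field: $f" >&2; exit 2
                          fi ;;
            *)            echo "unknown field: $f" >&2; exit 2 ;;
        esac
    done
    [ -n "$port" ] || { echo "missing s/d=port" >&2; exit 2; }
    pv=${port#?=}
    if [ "$proto" = icmp ]; then         # "port" carries the ICMP type
        case $pv in *[!a-z0-9-]*) echo "bad ICMP type: $pv" >&2; exit 2 ;; esac
    else
        case $pv in
            *_*) is_port "${pv%%_*}" && is_port "${pv#*_}" &&
                 [ "${pv%%_*}" -le "${pv#*_}" ] ;;   # range, e.g. 2000_3000
            *)   is_port "$pv" ;;
        esac || { echo "bad port: $pv" >&2; exit 2; }
    fi
    if [ -n "$owner" ]; then
        # Numeric id assumed. The readme says u/g implies outgoing and that
        # the s/d=ip value is ignored, so normalise both.
        case ${owner#?=} in *[!0-9]*) echo "bad id: $owner" >&2; exit 2 ;; esac
        dir=out
        ip=-
    fi
    [ -n "$ip" ] || { echo "missing s/d=ip" >&2; exit 2; }
    case $ip in *[!0-9A-Za-z.:/=-]*) echo "bad address: $ip" >&2; exit 2 ;; esac
    printf '%s %s %s %s %s\n' "$proto" "$dir" "$port" "$ip" "${owner:--}"
)

# Demo on three of the readme examples quoted above.
for line in 'tcp|in|d=3306|s=11.22.33.44' 'd=22|s=44.33.22.11' 'tcp|out|d=80||u=99'
do
    csf_filter_lint "$line"
done
```
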
  3. Peter Downey

    Peter Downey Member

    62
    23
    8
    May 28, 2014
    Ratings:
    +25
    Local Time:
    7:23 PM
    This might be a stupid question. Does cloudflare stop CSF from being able to deny ips? It occurred to me that this might be the case.

    So instead, for people using cloudflare we could either use cloudflares blocking or we could use nginx?
     
  4. eva2000

    No, Cloudflare won't stop you from using CSF to block IPs IF you have set up Cloudflare IP forwarding using HttpRealIpModule as outlined in the Getting Started guide part 5 at http://centminmod.com/getstarted.html which links to http://centminmod.com/nginx_configure_cloudflare.html

     
  5. Peter Downey

    Thanks, I just recently set Cloudflare up and have the rules set in my .conf files and allows set in csf. I wasn't certain if CSF was able to read the HttpRealIpModule header. I can see that netstat isn't able to, so it occurred to me that CSF might not either for incoming WordPress traffic.
     
  6. eva2000


    CSF Firewall and Mandrill & Other 3rd party SMTP usage



    For using Mandrill or any other 3rd party remote SMTP server with Centmin Mod and CSF Firewall, you need to whitelist and open ports 465 and 587 in the /etc/csf/csf.conf config file for TCP_OUT, so append them to the current list of comma separated ports on the TCP_OUT lines
    Code:
    465,587
    So TCP_OUT goes from
    Code:
    TCP_OUT = "111,2049,1110,1194,9418,20,21,22,25,53,80,110,113,443"
    to the following
    Code:
    TCP_OUT = "111,2049,1110,1194,9418,20,21,22,25,53,80,110,113,443,465,587"
    If you already added other custom ports, make sure to not just copy and paste my example, but append 465,587 to your list of custom TCP_OUT ports (if you use IPv6 too, add ports to TCP6_OUT too) so you do not accidentally wipe your custom added ports.

    Additional Step if SMTP_BLOCK is enabled



    Then ONLY if you enabled SMTP_BLOCK = "1" in /etc/csf/csf.conf would you need to either remove ports 465 and 587 from the SMTP_PORTS list or leave them in place and instead add the nginx user to the SMTP_ALLOWGROUP comma separated list. You should not need to do this as SMTP Blocking is disabled by default: SMTP_BLOCK = "0"
    Code:
    SMTP_PORTS = "25,465,587"
    SMTP_ALLOWGROUP = "mail,mailman,nginx"
    
    Then restart CSF firewall
    Code:
    csf -r
     
    Last edited: Oct 9, 2014
    • Like Like x 1
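
One way to follow the append-rather-than-overwrite advice in the post above, as an added example that is not part of the original post or of CSF itself. The helper names `csf_get_ports` and `csf_add_ports` are hypothetical, and the sample file is a constructed fragment, not a full csf.conf.

```shell
#!/bin/sh
# Added example: append ports to a port list in a csf.conf-style file while
# keeping every port that is already configured. Try it on a copy first.

# csf_get_ports FILE SETTING -> prints the current comma-separated list.
csf_get_ports() {
    sed -n "s/^${2}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        head -n 1
}

# csf_add_ports FILE SETTING PORT[,PORT...]
# Rewrites FILE in place, saving the previous version as FILE.bak.
csf_add_ports() (
    file=$1 setting=$2 add=$3
    grep -q "^${setting}[[:space:]]*=" "$file" ||
        { echo "$setting not found in $file" >&2; exit 1; }
    current=$(csf_get_ports "$file" "$setting")
    new=$current
    set -f                                  # no globbing while splitting
    IFS=','
    for p in $add; do
        # digits, or digits:digits for a range
        case $p in ''|*[!0-9:]*) echo "bad port: $p" >&2; exit 2 ;; esac
        case ",$new," in
            *",$p,"*) ;;                    # already listed, leave it alone
            *) new=${new:+$new,}$p ;;       # append to the end
        esac
    done
    unset IFS
    [ "$new" != "$current" ] || exit 0      # nothing to change
    cp -p "$file" "$file.bak" || exit 1
    sed "s/^\(${setting}[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"${new}\"/" \
        "$file.bak" > "$file"
)

# Demo on a constructed fragment; 3306 stands in for a custom port that a
# copy-and-paste of the stock TCP_OUT line would have wiped.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
TCP_OUT = "111,2049,1110,1194,9418,20,21,22,25,53,80,110,113,443,3306"
TCP6_OUT = "20,21,22,25,53,80,110,113,443"
EOF
csf_add_ports "$demo_conf" TCP_OUT 465,587
csf_add_ports "$demo_conf" TCP6_OUT 465,587
cat "$demo_conf"
rm -f "$demo_conf" "$demo_conf.bak"
```

After running it against the real /etc/csf/csf.conf, the firewall still has to be restarted with `csf -r` as the post describes.
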
  7. RoldanLT

    RoldanLT Well-Known Member

    3,883
    947
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,291
    Local Time:
    7:23 AM
    1.11
    10.2
    On my current config I got this:
    SMTP_BLOCK = "0"

    should I change to 1 ? :unsure:
     
  8. eva2000

    That is normal CSF defaults, I leave it disabled myself :)
     
    • Like Like x 1
  9. BamaStangGuy

    BamaStangGuy Active Member

    470
    137
    43
    May 25, 2014
    Ratings:
    +180
    Local Time:
    6:23 PM
    So I keep getting my ip blocked and this is the reason it is blocking it:

    Code:
    Sep 30 01:36:44 orchids lfd[18014]: 68.62.173.137 (US/United States/c-68-62-173-137.hsd1.al.comcast.net), 5 distributed sshd attacks on account [root] in the last 3600 secs - *Blocked in csf* [LF_DISTATTACK]
    Why is this happening? Any way I can prevent it? It's quite annoying. It happens on almost every droplet I have.
     
  10. eva2000

    Have you whitelisted your IP address?
    Code:
    csf -a 68.62.173.137 myip
     
  11. BamaStangGuy

    Yes, but as soon as it changes the new one gets blocked within a day or so.
     
  12. Razib Hasan

    Razib Hasan Member

    31
    11
    8
    May 31, 2014
    Dhaka, Bangladesh
    Ratings:
    +11
    Local Time:
    5:23 AM
    1.7.6
    5.10
    I've 2 IPs on a VPS. One IP is getting floods recently. How can I block all incoming connections to that specific IP?
     
  13. RoldanLT

    Change port, end of story.
     
  14. Razib Hasan

    Little more guideline please ... Can it be done through CSF?
     
  15. RoldanLT

    Thru:
    #cmdir
    #./centmin.sh
    16
     
  16. eva2000

    SSHD floods? Or other types? For SSHD, change your port to a different port below <1024 using centmin.sh and menu option 16 - specify the default SSH port first when asked = 22, then the new SSH port below <1024

    example below changing SSHD port from 22 to 99
    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.07 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                  
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Re-install ImageMagick PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Exit
    --------------------------------------------------------
    Enter option [ 1 - 22 ] 16
    --------------------------------------------------------
    *************************************************
    * Setup sshd
    *************************************************
    --------------------------
    backup sshd_config
    --------------------------
    cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config-backup
    --------------------------
    change ssh port
    --------------------------
    Your current default SSH port is: 22
    
    Enter existing SSH port number (default = 22 for fresh installs): 22
    
    Enter the SSH port number you want to change to: 99
    
    Post 99 configured in /etc/ssh/sshd_config
    Port 99
    Code:
    *************************************************
    * Setup sshd complete
    *************************************************
    To check to see if you can access your server via the new port
    keep this existing SSH2 connection open, and start a new SSH2
    connection to this server connecting via the new SSH2 port
    if you can connect, then it's working.
    
    If you can't connect, using your existing SSH2 logged in
    connection, edit and check /etc/csf/csf.conf and your iptables
    /etc/sysconfig/iptables and service iptables status
    making sure the new port number you specified is correctly set
    *************************************************
     
  17. RoldanLT

    Why is it recommended to have a ssh port below 1024 ?
    I have mine set since last year above it.
     
  18. eva2000

    nice read at Why putting SSH on another port than 22 is bad idea | A day in the life of…
     
  19. Razib Hasan

    No, it's TCP, UDP and ICMP flood ... eating up bandwidths too much. Other IP is DDoS filtered from RamNode ... but, the one which is not filtered is taking lots of floods from many IPs.

    A few from the log file;

    Sep 30 13:56:47 scylla kernel: [3433921.012773] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=178.236.177.13 DST=81.4.124.x LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7274 PROTO=ICMP TYPE=8 CODE=0 ID=31927 SEQ=33434
    Sep 30 13:56:49 scylla kernel: [3433923.060182] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=178.236.177.13 DST=81.4.124.x LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7284 PROTO=ICMP TYPE=8 CODE=0 ID=31937 SEQ=33434
    Sep 30 13:56:51 scylla kernel: [3433925.072608] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=178.236.177.13 DST=81.4.124.x LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7294 PROTO=ICMP TYPE=8 CODE=0 ID=31947 SEQ=33434
    Sep 30 13:56:53 scylla kernel: [3433926.921465] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=178.236.177.13 DST=81.4.124.x LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7303 PROTO=ICMP TYPE=8 CODE=0 ID=31956 SEQ=33434
    Sep 30 13:56:55 scylla kernel: [3433928.969838] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=178.236.177.13 DST=81.4.124.x LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7313 PROTO=ICMP TYPE=8 CODE=0 ID=31966 SEQ=33434
    Sep 30 13:56:57 scylla kernel: [3433931.015057] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=178.236.177.13 DST=81.4.124.x LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7323 PROTO=ICMP TYPE=8 CODE=0 ID=31976 SEQ=33434
    Sep 30 13:56:59 scylla kernel: [3433933.065021] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=178.236.177.13 DST=81.4.124.x LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7333 PROTO=ICMP TYPE=8 CODE=0 ID=31986 SEQ=33434
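
A per-source summary of the two kinds of block lines quoted in this thread (the lfd `*Blocked in csf*` line and the kernel `Firewall: *... Blocked*` lines), as an added example that is not part of any post or of CSF itself. The function names `csf_block_summary` and `sample_log` are hypothetical, and the sample lines are constructed with documentation-range addresses.

```shell
#!/bin/sh
# Added example: count CSF/lfd block events per source from syslog-style
# lines on stdin. Output: "<count> <chain-or-trigger> <source-ip>".

csf_block_summary() {
    awk '
    # Kernel lines from the firewall LOG rules, e.g.
    #   ... Firewall: *ICMP_IN Blocked* IN=venet0 ... SRC=a.b.c.d DST=...
    /Firewall: \*[A-Z0-9_]+ Blocked\*/ {
        chain = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\*[A-Z0-9_]+$/)  chain = substr($i, 2)
            else if ($i ~ /^SRC=/)      src = substr($i, 5)
        }
        if (chain != "" && src != "") seen[chain " " src]++
        next
    }
    # lfd lines, e.g.
    #   ... lfd[pid]: a.b.c.d (geo), <reason> - *Blocked in csf* [TRIGGER]
    /lfd\[[0-9]+\]: / && /\*Blocked in csf\*/ {
        ip = ""
        for (i = 1; i < NF; i++)
            if ($i ~ /^lfd\[[0-9]+\]:$/) { ip = $(i + 1); break }
        trig = $NF
        gsub(/^\[|\]$/, "", trig)           # [LF_DISTATTACK] -> LF_DISTATTACK
        if (ip != "") seen[trig " " ip]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input in the two formats shown in the thread.
sample_log() {
    cat <<'EOF'
Sep 30 13:56:47 host kernel: [100.000001] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=203.0.113.13 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7274 PROTO=ICMP TYPE=8 CODE=0 ID=31927 SEQ=33434
Sep 30 13:56:49 host kernel: [102.000001] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=203.0.113.13 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7284 PROTO=ICMP TYPE=8 CODE=0 ID=31937 SEQ=33434
Sep 30 13:56:50 host kernel: [103.000001] Firewall: *UDP_IN Blocked* IN=venet0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=100 PROTO=UDP SPT=53 DPT=40000 LEN=20
Sep 30 13:56:51 host kernel: [104.000001] Firewall: *ICMP_IN Blocked* IN=venet0 OUT= MAC= SRC=203.0.113.13 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=7294 PROTO=ICMP TYPE=8 CODE=0 ID=31947 SEQ=33434
Sep 30 01:36:44 host lfd[18014]: 198.51.100.99 (US/United States/-), 5 distributed sshd attacks on account [root] in the last 3600 secs - *Blocked in csf* [LF_DISTATTACK]
Sep 30 01:40:00 host sshd[2000]: Accepted publickey for admin from 192.0.2.50 port 50000 ssh2
EOF
}

# Demo: busiest blocked sources first.
sample_log | csf_block_summary
```

On a live server the same function can be fed `/var/log/lfd.log`, the file the first post names, for the lfd lines.
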
     
  20. eva2000

    Contact RamNode and see what they can do