Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

ConfigServer is sending out lots of mails per day - is it possible to stop for a site?
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

ConfigServer is sending out lots of mails per day - is it possible to stop for a site?

We are using ConfigServer Firewall on our Cpanel server with around 200 sites. Each day we get a huge amount of mails about mostly one site. The mails is about lfd (see under). Is it possible to stop this on only one site, or do we have to turn off the option?

Emne: lfd on cxxxxx.xxxxx.no: Suspicious process running under user stavexxxx Time: Fri Jan 12 10:10:07 2018 +0100 PID: 11089 (Parent PID:11089) Account: stavexxxxx Uptime: 79 seconds Executable: /usr/bin/perl Command Line (often faked in exploits): bash Network connections by the process (if any): tcp: 0.0.0.0:34790 -> 0.0.0.0:0 Files open by the process (if any): /dev/null /dev/null /dev/null Memory maps by the process (if any): 00400000-00402000 r-xp 00000000 fd:00 2625699 /usr/bin/perl 00601000-00602000 rw-p 00001000 fd:00 2625699 /usr/bin/perl 01ff1000-023d2000 rw-p 00000000 00:00 0 023d2000-023f3000 rw-p 00000000 00:00 0

Kenneth Myhre WindowsTemplate.com - free Windows templates for OVH/Hetzner/Kimsufi/Online.net

Powered by Hetzner.com, backed up by OVH, Kimsufi and VULTR.com

Comments

  • MikePTMikePT Member, Provider

    How about ignoring perl in lfd?...

    MXroute.io - SMTP Relay Service, powered by MailChannels, fully automated, LET plans

    MXroute.com - Email Hosting, powered by MailChannels

    Thanked by 1myhken
  • MikePTMikePT Member, Provider
    edited January 12

    I see you didnt read, at least not reply to the other thread. Are you expecting the LET crew to be your SysAdmins? Maybe you should look at hiring someone to manage your servers?

    MXroute.io - SMTP Relay Service, powered by MailChannels, fully automated, LET plans

    MXroute.com - Email Hosting, powered by MailChannels

    Thanked by 3jetchirag Lee lion
  • Just RTM - section 8 for process tracking https://download.configserver.com/csf/readme.txt

    * Centmin Mod Project (HTTP/2 support + ngx_pagespeed + Nginx Lua + Vhost Stats)
    * Centmin Mod LEMP Stack Quick Install Guide
  • @MikePT said: I see you didnt read, at least not reply to the other thread. Are you expecting the LET crew to be your SysAdmins? Maybe you should look at hiring someone to manage your servers?

    Yea...it's not so simple, they guy that did the setup and managed the server is not with the company any more. The hosting part has only been an extra service for some of our customers. So not making much of a profit. It is not our main business at all, we deliver IT support and ASP solutions.

    If people don't want to help me, just don't reply? If nobody is replying in any of my threads here, I just have to find another forum. For the owner of the company is not hiring anybody to manage a server we don't earn money from.

    Kenneth Myhre WindowsTemplate.com - free Windows templates for OVH/Hetzner/Kimsufi/Online.net

    Powered by Hetzner.com, backed up by OVH, Kimsufi and VULTR.com

  • WSSWSS Member

    Ken, you are so far over your head that it's scary. It's not your fault, but one of these days you're going to badly bungle this. Tell the owner you need some training or assistance.

    @partymonger said: Actually math is pretty much my thing. I was just hoping someone already did the calculation
    upto32.com - neckbeard nerdiness.

  • MikePTMikePT Member, Provider

    @WSS said: Ken, you are so far over your head that it's scary. It's not your fault, but one of these days you're going to badly bungle this. Tell the owner you need some training or assistance.

    Definitely tell the owner you need some assistance there...

    MXroute.io - SMTP Relay Service, powered by MailChannels, fully automated, LET plans

    MXroute.com - Email Hosting, powered by MailChannels

  • WHTWHT Member

    Why not reinstall?

  • Even if you turn off CSF notifications, the notifications for suspicious processes still get sent so just add a filter into your email client and trash them until they fix the bug

  • MikePTMikePT Member, Provider

    Its not a bug. Just add it to the ignore/trusted binaries list.

    MXroute.io - SMTP Relay Service, powered by MailChannels, fully automated, LET plans

    MXroute.com - Email Hosting, powered by MailChannels

  • jarlandjarland Administrator

    I feel you. Took me forever to figure out why it kept sending notifications despite every setting being defined for it to not. Don't even remember what I changed, just keep hammering at it until you hate yourself.

    Thanked by 1myhken
  • WSSWSS Member

    @jarland said: just keep hammering at it until you hate yourself.

    [Insert wife joke here]

    @partymonger said: Actually math is pretty much my thing. I was just hoping someone already did the calculation
    upto32.com - neckbeard nerdiness.

    Thanked by 2jarland ez2uk
  • Usually, you can add an entry for the binary to the /etc/csf/pignore file (there should already be examples of the format in the file). After that, do a csf -r to restart.

    Thanked by 1myhken
Sign In or Register to comment.