tanya masalah VPS {FAILED: lfd on hostname (IP server)}

Discussion in 'VPS (Virtual Private Server)' started by hello.pee, 13 Nov 2014.

Thread Status:
Not open for further replies.
  1. hello.pee

    hello.pee Poster 1.0

    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    Selamat pagi teman-teman DWH,
    Saya mendapatkan notofikasi ke email dengan subject seperti yang saya infokan diatas, dengan isi email seperti berikut : screnshot
    hal itu muncul setelah saya melakukan instalasi csf, kira-kira itu masalah dikonfigurasi apanya ya mas ? bisa bantu berikan solusinya ?
    kemudian saat ini saya tidak bisa login ke SSH maupun ke WMH, apa ada kemungkinan VPS saya dibobol ? Atau VPS saya terkena bruteforce ? Mohon solusi juga agar saya bisa login ke SSH kembali.

    Terima kasih :)
     
  2. jaapns

    jaapns Hosting Guru Web Hosting

    Messages:
    3,255
    Likes Received:
    442
    Trophy Points:
    83
    kemungkinan ya conflict BFD + CSF, abis di enable blm di restart sshd nya.

    Solusinya ya coba masuk panel VPS nya , solusvm atau panel apa yg di gunakan , masuk dari consol

    kemudian masukkan command : csf -x

    otomatis csf akan disable
     
    hello.pee likes this.
  3. PipoHosting

    PipoHosting Beginner 2.0

    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    3
    coba di cek setelah install csf apa test modenya sudah dirubah menjadi off apa belum?

    kalau tidak bisa login ke ssh atau WHM biasanya di blok sama cphulk brute force protection bawaan whmnya, solusinya restart ulang server nya, kalau sudah bisa masuk whm pilih cphulk brute protection -> flush failed login kalau ngga salah. Setelah itu langsung diganti aja port sshnya di /etc/ssh/sshd_config, bagian port yang di kasi tanda #, jangan lupa diilangi tanda # nya terlebih dahulu sama diganti port sshnya, kalau sudah di restart service ssh nya. Jangan lupa buka port terlebih dahulu di csf untuk port ssh nya yang baru. Ditest dulu semua ssh nya pakai port baru jalan normal apa ngga, kalau jalan normal tutup port lama nya dengan cara di hapus di csf config nya.
     
    hello.pee likes this.
  4. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,227
    Likes Received:
    514
    Trophy Points:
    113
    mas pakai BDF? digandeng sama CSF ?
    atau CSF saja?
     
    hello.pee likes this.
  5. hello.pee

    hello.pee Poster 1.0

    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    mas @jaapns iya mas, kemarin setelah pasang csf belum restart sshdnya, lupa :D
    mas @PipoHosting sekarang sudah saya ganti portnya mas, hhe
    mas @junior riau hanya pakai csf saja mas, maaf BDF itu apa ya mas ?
     
  6. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,227
    Likes Received:
    514
    Trophy Points:
    113
    eh BFD maksudnya :v
    salah ketik pak
    coba cek file ini
    /etc/csf/csf.conf
    pastikan ini
    TESTING = "0"
    jangan angka 1 ya
    coba restart LFD nya
     
    hello.pee likes this.
  7. hello.pee

    hello.pee Poster 1.0

    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    mas saya buka /etc/csf/csf.conf kok isinya ini mas :

    /etc/csf/csf.conf
    /etc/csf/csf.conf: line 11: TESTING: command not found
    /etc/csf/csf.conf: line 17: TESTING_INTERVAL: command not found
    /etc/csf/csf.conf: line 69: RESTRICT_SYSLOG: command not found
    /etc/csf/csf.conf: line 88: RESTRICT_SYSLOG_GROUP: command not found
    /etc/csf/csf.conf: line 99: RESTRICT_UI: command not found
    /etc/csf/csf.conf: line 106: AUTO_UPDATES: command not found
    /etc/csf/csf.conf: line 115: TCP_IN: command not found
    /etc/csf/csf.conf: line 118: TCP_OUT: command not found
    /etc/csf/csf.conf: line 121: UDP_IN: command not found
    /etc/csf/csf.conf: line 125: UDP_OUT: command not found
    /etc/csf/csf.conf: line 128: ICMP_IN: command not found
    /etc/csf/csf.conf: line 132: ICMP_IN_RATE: command not found
    /etc/csf/csf.conf: line 135: ICMP_OUT: command not found
    /etc/csf/csf.conf: line 144: ICMP_OUT_RATE: command not found
    /etc/csf/csf.conf: line 168: IPV6: command not found
    /etc/csf/csf.conf: line 174: IPV6_ICMP_STRICT: command not found
    /etc/csf/csf.conf: line 199: IPV6_SPI: command not found
    /etc/csf/csf.conf: line 202: TCP6_IN: command not found
    /etc/csf/csf.conf: line 205: TCP6_OUT: command not found

    kenapa bisa gitu ya mas :D
     
  8. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,227
    Likes Received:
    514
    Trophy Points:
    113
    harusnya begini mas isinya


    cat /etc/csf/csf.conf | more
    ###############################################################################
    # SECTION:Initial Settings
    ###############################################################################
    # Testing flag - enables a CRON job that clears iptables incase of
    # configuration problems when you start csf. This should be enabled until you
    # are sure that the firewall works - i.e. incase you get locked out of your
    # server! Then do remember to set it to 0 and restart csf when you're sure
    # everything is OK. Stopping csf will remove the line from /etc/crontab
    #
    # lfd will not start while this is enabled
    TESTING = "0"

    # The interval for the crontab in minutes. Since this uses the system clock the
    # CRON job will run at the interval past the hour and not from when you issue
    # the start command. Therefore an interval of 5 minutes means the firewall
    # will be cleared in 0-5 minutes from the firewall start
    TESTING_INTERVAL = "5"

    # SECURITY WARNING
    # ================
    #
    # Unfortunately, syslog and rsyslog allow end-users to log messages to some
    # system logs via the same unix socket that other local services use. This
    # means that any log line shown in these system logs that syslog or rsyslog
    # maintain can be spoofed (they are exactly the same as real log lines).
    #
    # Since some of the features of lfd rely on such log lines, spoofed messages
    # can cause false-positive matches which can lead to confusion at best, or
    # blocking of any innocent IP address or making the server inaccessible at
    # worst.
    #
    # Any option that relies on the log entries in the files listed in
    # /etc/syslog.conf and /etc/rsyslog.conf should therefore be considered
    # vulnerable to exploitation by end-users and scripts run by end-users.
    #
    # NOTE: Not all log files are affected as they may not use syslog/rsyslog
    #
    # The option RESTRICT_SYSLOG disables all these features that rely on affected
    # logs. These options are:
    # LF_SSHD LF_FTPD LF_IMAPD LF_POP3D LF_BIND LF_SUHOSIN LF_SSH_EMAIL_ALERT
    # LF_SU_EMAIL_ALERT LF_CONSOLE_EMAIL_ALERT LF_DISTATTACK LF_DISTFTP
    # LT_POP3D LT_IMAPD PS_INTERVAL UID_INTERVAL WEBMIN_LOG LF_WEBMIN_EMAIL_ALERT
    # PORTKNOCKING_ALERT
    #
    # This list of options use the logs but are not disabled by RESTRICT_SYSLOG:
    # ST_ENABLE SYSLOG_CHECK LOGSCANNER CUSTOM*_LOG
    --More--​

    kalau engga begitu kayanya engga selesai deh installnya ada yang error kayanya
     
    hello.pee likes this.
  9. hello.pee

    hello.pee Poster 1.0

    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    oke coba saya instal ulang saja csf nya mas, terima kasih sekali infonya :)
     
  10. junior riau

    junior riau Hosting Guru Web Hosting

    Messages:
    3,227
    Likes Received:
    514
    Trophy Points:
    113
    sama sama :)
     
    hello.pee likes this.
Loading...
Thread Status:
Not open for further replies.

Share This Page

Loading...