Question about a VPS problem {FAILED: lfd on hostname (IP server)}



raf.

Poster 2.0
Good morning, DWH friends,
I received an email notification with the subject I mentioned above, and the body of the email was as follows: screenshot
This appeared after I installed csf. Which part of the configuration do you think is the problem? Could you help with a solution?
Also, right now I cannot log in to SSH or to WHM. Is it possible that my VPS has been broken into? Or is my VPS being brute-forced? Please also suggest a solution so that I can log in to SSH again.

Thank you :)
 

PipoHosting

Beginner 2.0
Try checking whether test mode was switched to off after installing csf.

If you can't log in to SSH or WHM, it is usually being blocked by cPHulk Brute Force Protection, which comes built into WHM. The solution is to restart the server; once you can get into WHM, choose cPHulk Brute Force Protection -> flush failed logins, if I'm not mistaken. After that, change the SSH port right away in /etc/ssh/sshd_config, in the Port line that is marked with #; don't forget to remove the # first and change the SSH port, and when that is done restart the ssh service. Don't forget to open the new SSH port in csf first. Test first that SSH works normally on the new port; if it does, close the old port by deleting it from the csf config.
 

raf.

Poster 2.0
eh, I meant BFD :v
typo, sir
try checking this file
/etc/csf/csf.conf
make sure of this
TESTING = "0"
not the number 1, okay
try restarting LFD
I opened /etc/csf/csf.conf and this is what it contains:

/etc/csf/csf.conf
/etc/csf/csf.conf: line 11: TESTING: command not found
/etc/csf/csf.conf: line 17: TESTING_INTERVAL: command not found
/etc/csf/csf.conf: line 69: RESTRICT_SYSLOG: command not found
/etc/csf/csf.conf: line 88: RESTRICT_SYSLOG_GROUP: command not found
/etc/csf/csf.conf: line 99: RESTRICT_UI: command not found
/etc/csf/csf.conf: line 106: AUTO_UPDATES: command not found
/etc/csf/csf.conf: line 115: TCP_IN: command not found
/etc/csf/csf.conf: line 118: TCP_OUT: command not found
/etc/csf/csf.conf: line 121: UDP_IN: command not found
/etc/csf/csf.conf: line 125: UDP_OUT: command not found
/etc/csf/csf.conf: line 128: ICMP_IN: command not found
/etc/csf/csf.conf: line 132: ICMP_IN_RATE: command not found
/etc/csf/csf.conf: line 135: ICMP_OUT: command not found
/etc/csf/csf.conf: line 144: ICMP_OUT_RATE: command not found
/etc/csf/csf.conf: line 168: IPV6: command not found
/etc/csf/csf.conf: line 174: IPV6_ICMP_STRICT: command not found
/etc/csf/csf.conf: line 199: IPV6_SPI: command not found
/etc/csf/csf.conf: line 202: TCP6_IN: command not found
/etc/csf/csf.conf: line 205: TCP6_OUT: command not found

why would that be? :D
 

junior riau

Hosting Guru
Verified Provider
the contents should look like this


cat /etc/csf/csf.conf | more
###############################################################################
# SECTION:Initial Settings
###############################################################################
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "0"

# The interval for the crontab in minutes. Since this uses the system clock the
# CRON job will run at the interval past the hour and not from when you issue
# the start command. Therefore an interval of 5 minutes means the firewall
# will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"

# SECURITY WARNING
# ================
#
# Unfortunately, syslog and rsyslog allow end-users to log messages to some
# system logs via the same unix socket that other local services use. This
# means that any log line shown in these system logs that syslog or rsyslog
# maintain can be spoofed (they are exactly the same as real log lines).
#
# Since some of the features of lfd rely on such log lines, spoofed messages
# can cause false-positive matches which can lead to confusion at best, or
# blocking of any innocent IP address or making the server inaccessible at
# worst.
#
# Any option that relies on the log entries in the files listed in
# /etc/syslog.conf and /etc/rsyslog.conf should therefore be considered
# vulnerable to exploitation by end-users and scripts run by end-users.
#
# NOTE: Not all log files are affected as they may not use syslog/rsyslog
#
# The option RESTRICT_SYSLOG disables all these features that rely on affected
# logs. These options are:
# LF_SSHD LF_FTPD LF_IMAPD LF_POP3D LF_BIND LF_SUHOSIN LF_SSH_EMAIL_ALERT
# LF_SU_EMAIL_ALERT LF_CONSOLE_EMAIL_ALERT LF_DISTATTACK LF_DISTFTP
# LT_POP3D LT_IMAPD PS_INTERVAL UID_INTERVAL WEBMIN_LOG LF_WEBMIN_EMAIL_ALERT
# PORTKNOCKING_ALERT
#
# This list of options use the logs but are not disabled by RESTRICT_SYSLOG:
# ST_ENABLE SYSLOG_CHECK LOGSCANNER CUSTOM*_LOG
--More--​

if it doesn't look like that, I think the install didn't finish; there was probably an error
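
Added example (not part of any post in this thread, and not code from the csf project): a `line N: KEY: command not found` message is what a shell prints when a file of `KEY = "value"` lines is run as a script, so this sketch reads the settings as data instead and checks the two items the replies mention, `TESTING` and whether the sshd port is listed in `TCP_IN`. The function names, the sample files and port 2222 are constructed for the demo.

```shell
#!/bin/sh
# Added example: read csf.conf-style settings as data; never execute the file.

# csf_get FILE KEY: print the value from a KEY = "value" line (empty if absent)
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# sshd_port FILE: print the first uncommented Port (22 if none is set)
sshd_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# port_allowed LIST PORT: succeed if PORT is in a list like 20,21,30000:35000
port_allowed() {
    echo "$1" | tr ',' '\n' | awk -F: -v p="$2" '
        NF == 1 && $1 == p { ok = 1 }
        NF == 2 && p >= $1 && p <= $2 { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# csf_check CSF_CONF SSHD_CONFIG: print findings; exit status = number of problems
csf_check() {
    problems=0
    testing=$(csf_get "$1" TESTING)
    if [ "$testing" != "0" ]; then
        echo "TESTING is \"$testing\": lfd will not start while it is enabled"
        problems=$((problems + 1))
    fi
    port=$(sshd_port "$2")
    if ! port_allowed "$(csf_get "$1" TCP_IN)" "$port"; then
        echo "sshd port $port is not listed in TCP_IN"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# make_sample DIR: write constructed sample files (not taken from the thread)
make_sample() {
    printf '%s\n' '# constructed sample' 'TESTING = "1"' \
        'TCP_IN = "20,21,22,80,443,30000:35000"' > "$1/csf.conf"
    printf '%s\n' '#Port 22' 'Port 2222' > "$1/sshd_config"
}

demo=$(mktemp -d)
make_sample "$demo"
csf_check "$demo/csf.conf" "$demo/sshd_config" || echo "problems found: $?"
rm -rf "$demo"
```

On a real server the two arguments would be /etc/csf/csf.conf and /etc/ssh/sshd_config, and an exit status of 0 means neither check found a problem.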
 