Portal Home > Knowledgebase > Articles Database > CSF
Posted by nurahost, 04-28-2014, 09:27 PM Hi Why CSF getting block my clients IP without any reason. When some one trying to upload files getting block by CSF. Specially wordpress clients also getting block.
Posted by whmcsguru, 04-28-2014, 10:06 PM CSF always blocks for a reason, it's just not always one you understand Check /var/log/lfd.log for the client's IP address, it will tell you what your client was blocked for. In this case, most likely too many connections to the server.
Posted by Genius Guard, 04-28-2014, 10:16 PM usually it block because of many connections, or modsecurity rules based blocking.
Posted by nurahost, 04-28-2014, 10:17 PM Hi I found this from logs Apr 28 09:04:05 ds1 lfd[18969]: (mod_security) mod_security (id:1234123404) triggered by 92.27.226.205 (GB/United Kingdom/host-92-27-226-205.static.as13285.net): 5 in the last 3600 secs - *Blocked$ Apr 28 09:05:20 ds1 lfd[19063]: *Suspicious File* /tmp/.backwpup_1936422055 [softkingoftking (619:620)] - Suspicious directory
Posted by Genius Guard, 04-28-2014, 10:21 PM id:1234123404) this is the modsecurity rules id caused block. check it in modsecurity rules.
Posted by vps_noob, 04-28-2014, 11:43 PM Putty: grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n *Change /usr/local/apache/logs/error_log to your error_log path, maybe it'll give you more info...
Posted by whmcsguru, 04-29-2014, 04:58 AM Since you're using CSF/LFD, you're probably using cPanel Download CMC, follow their easy instructions to install it. You can then understand what happened with blocks more clearly, and manage rules that way.
Posted by HostSlim-R, 04-29-2014, 05:07 AM You should check your csf.conf file and modify the settings for maximum allowed connections/packages etc.
Add to Favourites 
Print this Article
