Hello guys,

I opened the following: WHM >> "ConfigServer Security&Firewall" >> "lfd - Login Failure Daemon". I have tried to configure the LFD to ignore a user, and I wrote the following:

user:username

and restarted the script, but the firewall is still sending me emails about that user. How can I configure the LFD to completely ignore a user from the watching?

The csf.pignore contains the following:

```
###############################################################################
# Copyright 2006-2010, Way to the Web Limited
#
#
###############################################################################
# The following is a list of executables (exe) command lines (cmd) and
# usernames (user) that lfd process tracking will ignore.
#
# You must use the following format:
#
# exe:/full/path/to/file
# user:username
# cmd:command line
#
# Or, perl regular expression matching (regex):
#
# pexe:/full/path/to/file as a perl regex [*]
# puser:username as a perl regex [*]
# pcmd:command line as a perl regex [*]
#
# [*]You must remember to escape characters correctly when using regex's, e.g.:
# pexe:/home/.*/public_html/cgi-bin/script\.cgi
# puser:bob\d.*
# pcmd:/home/.*/command\s\to\smatch\s\.pl\s.*
#
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt

exe:/usr/local/cpanel/3rdparty/bin/english/webalizer
exe:/usr/lib/courier-imap/bin/pop3d
exe:/usr/lib/courier-imap/bin/imapd
exe:/usr/sbin/pure-ftpd
exe:/usr/local/cpanel/cpsrvd
exe:/usr/local/cpanel/3rdparty/bin/imapd
exe:/usr/local/cpanel/bin/cppop
exe:/usr/sbin/sshd
exe:/usr/sbin/proftpd
exe:/usr/local/cpanel/3rdparty/bin/php
exe:/usr/local/cpanel/3rdparty/bin/analog
exe:/usr/local/urchin/bin/urchinwebd
exe:/usr/local/cpanel/cpsrvd-ssl
exe:/usr/bin/spamc
exe:/usr/local/cpanel/bin/cppop-ssl
exe:/usr/local/cpanel/bin/logrunner
exe:/usr/local/cpanel/cpdavd
exe:/usr/local/cpanel/bin/cpwrap
exe:/usr/libexec/gam_server
exe:/usr/sbin/named
exe:/usr/sbin/exim
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/libexec/hald-addon-acpi
exe:/usr/sbin/hald
exe:/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
user:mailnull
user:mailman
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/pop3
exe:/usr/sbin/nsd
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/imap-login
exe:/var/cpanel/3rdparty/bin/php
user:myangel
```
Thank you for the reply. I get the following email:

```
Time: Thu Jul 26 18:08:29 2012 +0200
PID: 7496
Account: myangel
Uptime: 155 seconds

Executable:

/usr/local/bin/php

Command Line (often faked in exploits):

/usr/local/bin/php -c /imports/php5/php.ini mirrors/easyshare.php 01INC5W5 0

Network connections by the process (if any):

tcp: 204.197.246.137:55259 -> 95.211.187.202:80

Files open by the process (if any):

/dev/null
/dev/null

Memory maps by the process (if any):
```
I tried that too, but it didn't work. I'm wondering why it didn't work. The script works fine when I disable the firewall. When I enable it and exclude the user or the file, it stops sending me emails, but the script doesn't work properly.
Also, the user line in the ignore file should work fine as well. Did you remember to restart csf and lfd after updating the file?
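
Added example (not part of the thread and not ConfigServer's code): a small checker that parses rules in the csf.pignore format documented in the file header above and reports which rule, if any, covers the Executable / Account / Command Line values from an lfd process-tracking email. It assumes exact matching for `exe`/`user`/`cmd` and whole-string matching for `pexe`/`puser`/`pcmd`, uses Python's regex dialect as a stand-in for Perl's, and all function names and the sample rules are constructed for illustration.

```python
import re

# Constructed sample in the csf.pignore format quoted in the thread (not the full file).
SAMPLE_PIGNORE = r"""
# comments and blank lines are skipped
exe:/usr/local/cpanel/3rdparty/bin/php
exe:/var/cpanel/3rdparty/bin/php
user:mailnull
user:myangel
puser:bob\d.*
cmd:/usr/bin/example --flag
usr:typo
"""

KINDS = ("exe", "user", "cmd", "pexe", "puser", "pcmd")

def parse_pignore(text):
    """Split the file into (kind, value) rules and a list of unusable line numbers."""
    rules, bad_lines = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        kind, sep, value = line.partition(":")
        try:
            if not sep or not value or kind not in KINDS:
                raise ValueError(line)
            if kind.startswith("p"):
                re.compile(value)  # a regex that does not compile can never match
        except (ValueError, re.error):
            bad_lines.append(lineno)
            continue
        rules.append((kind, value))
    return rules, bad_lines

def covering_rules(rules, exe, user, cmd):
    """Rules that cover one process, under the matching semantics assumed in the lead-in."""
    proc = {"exe": exe, "user": user, "cmd": cmd}
    return [(k, v) for k, v in rules
            if (re.fullmatch(v, proc[k[1:]]) if k.startswith("p") else proc[k] == v)]

def spoofable_rules(rules):
    """cmd/pcmd rules: the file header warns that a process controls its own command line."""
    return [r for r in rules if r[0] in ("cmd", "pcmd")]
```

Fed the values from the email in the thread (executable `/usr/local/bin/php`, account `myangel`), only `user:myangel` covers the process; neither `php` `exe:` entry does, because both name different paths.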