CSF Configuration

cPGuard provides an interface for modifying a few of your CSF settings easily. We have carefully selected the options exposed in the interface based on our point of view and user feedback. If you want more options added to the interface, please contact our Support Department and we will review the request.

A short description of each configuration option included in the CSF Configuration editor interface is given below.


This setting will then send an alert email if more than LF_SCRIPT_LIMIT lines appear with the same cwd= path in them within an hour. This can be useful in identifying spamming scripts on a server, especially PHP scripts running under the nobody account. The email that is sent includes the exim log lines and also attempts to find scripts in that path that send email and may be the culprit.
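The counting rule described above can be reproduced offline when triaging a suspected spamming script. The following is an added example, not cPGuard's or lfd's own code: the function name, the threshold value, the rolling one-hour window and the sample log lines are assumptions made for illustration, and the input is assumed to be a time-sorted exim main log containing cwd= lines.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed threshold for this demo; on a real server use the
# LF_SCRIPT_LIMIT value from the CSF configuration.
LF_SCRIPT_LIMIT = 3
WINDOW = timedelta(hours=1)

# Matches exim main log lines of the form
#   2024-05-01 10:00:01 cwd=/home/user/public_html 4 args: /usr/sbin/sendmail -t -i
# with an optional "[pid]" field after the timestamp.
CWD_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\[\d+\] )?cwd=(\S+) \d+ args:")

def find_noisy_paths(lines, limit=LF_SCRIPT_LIMIT, window=WINDOW):
    """Return {cwd: peak count} for paths with more than `limit` lines in a window."""
    recent = defaultdict(deque)  # cwd -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = CWD_LINE.match(line)
        if not m:
            continue  # deliveries, rejects and other non-cwd lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        cwd = m.group(2)
        q = recent[cwd]
        q.append(ts)
        while ts - q[0] >= window:  # drop entries older than one hour
            q.popleft()
        if len(q) > limit:
            peaks[cwd] = max(peaks.get(cwd, 0), len(q))
    return peaks

# Constructed sample log lines (not taken from a real server).
ARGS = "4 args: /usr/sbin/sendmail -t -i"
SAMPLE_LOG = [
    f"2024-05-01 10:00:01 cwd=/home/alice/public_html/wp-content/uploads {ARGS}",
    f"2024-05-01 10:00:30 cwd=/home/bob/public_html {ARGS}",
    f"2024-05-01 10:05:12 cwd=/home/alice/public_html/wp-content/uploads {ARGS}",
    "2024-05-01 10:05:13 1s2AbC-0001Xy-2Z <= alice@example.com U=alice P=local S=812",
    f"2024-05-01 10:20:44 [2211] cwd=/home/alice/public_html/wp-content/uploads {ARGS}",
    f"2024-05-01 10:45:09 cwd=/home/alice/public_html/wp-content/uploads {ARGS}",
    f"2024-05-01 11:10:00 cwd=/home/bob/public_html {ARGS}",
    f"2024-05-01 12:20:00 cwd=/home/bob/public_html {ARGS}",
]

if __name__ == "__main__":
    for path, count in find_noisy_paths(SAMPLE_LOG).items():
        print(f"{count} cwd= lines within an hour: {path}")
```

A path that sends the same number of messages spread over several hours, like the second account in the sample, stays below the threshold and is not reported.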


The action script that executes when LF_SCRIPT_LIMIT is exceeded. You can enable or disable this feature.


Send an email alert if anyone logs in successfully using SSH.


Send an email alert if anyone accesses WHM/cPanel via an account listed in LF_CPANEL_ALERT_USERS. An IP address will be reported again 1 hour after the last tracked access (or if lfd is restarted).


This is a comma-separated list of accounts to send alerts for. To send an alert for all accounts, set this to "all".


This option triggers for email sent via local IP addresses.


Email threshold count for RT_LOCALHOSTRELAY_ALERT.


Enable SYN Flood Protection. This option configures iptables to offer some protection from TCP SYN packet DoS attempts. You should set the RATE so that false positives are kept to a minimum; otherwise visitors may see connection issues (check /var/log/messages for *SYNFLOOD Blocked*). See the iptables man page for the correct --limit rate syntax.

Note: This option should ONLY be enabled if you know you are under a SYN flood attack, as it will slow down all new connections from any IP address to the server if triggered.


Deny connections from the listed countries.


Allow connections from the listed countries. WARNING: CC_ALLOW allows access through all ports in the firewall.
