centos7 - CKFinder causes PORT FLOOD ban in CSF Firewall -
running multiple hosting servers centos7, csf firewall lfd. client sites using ckfinder file manager. lately lots of customers complaining time time, @ same time they're browsing file manager site won't connect anymore. not ckfinder whole domain.
i managed recreate error, opening ckfinder, , browse between folders, never uploaded it. see ip blocked on server csf. notification email server tells me:
time: sun aug 20 03:47:06 2017 +0200 ip: ***.**.***.*** (ph/philippines/-) hits: 11 blocked: temporary block sample of block hits: aug 20 03:46:41 app1 kernel: firewall: *port flood* in=eth0 out= mac=**:**:**:**:**:**:**:**:** src=***.**.***.*** dst=***.***.***.** len=52 tos=0x00 prec=0x00 ttl=107 id=22312 df proto=tcp spt=60306 dpt=80 window=65535 res=0x00 syn urgp=0 aug 20 03:46:41 app1 kernel: firewall: *port flood* in=eth0 out= mac=**:**:**:**:**:**:**:**:** src=***.**.***.*** dst=***.***.***.** len=52 tos=0x00 prec=0x00 ttl=107 id=22317 df proto=tcp spt=30109 dpt=80 window=65535 res=0x00 syn urgp=0 aug 20 03:46:41 app1 kernel: firewall: *port flood* in=eth0 out= mac=**:**:**:**:**:**:**:**:** src=***.**.***.*** dst=***.***.***.** len=52 tos=0x00 prec=0x00 ttl=107 id=22325 df proto=tcp spt=30110 dpt=80 window=65535 res=0x00 syn urgp=0 aug 20 03:46:41 app1 kernel: firewall: *port flood* in=eth0 out= mac=**:**:**:**:**:**:**:**:** src=***.**.***.*** dst=***.***.***.** len=52 tos=0x00 prec=0x00 ttl=107 id=22330 df proto=tcp spt=25078 dpt=80 window=65535 res=0x00 syn urgp=0 ... this happens different isps around world , it's getting huge problem our clients. it's setting in csf have no idea should start looking.
so question is, why in ckfinder may cause behaviour, , should start looking? can see me ip in temp ban list of csf, , remove ban can connect said domain again.
thanks!
edit 1
the portflood setting in csf currently:
portflood = "80;tcp;20;10,443;tcp;20;10" edit 2
tried recreate error in firefox , @ same time monitored/tailed ldf log file. nothing happens no matter how many times change folders inside file manager.
trying exact same in microsoft edge. difference between ff , edge on computer cfinder in swedish on edge (english in firefox). when have jumped between 5-6 folders in edge, csf ban me, port flooding.
Comments
Post a Comment