Author Topic: CWP Pro LFD= daemon stopped  (Read 1839 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
CWP Pro LFD= daemon stopped
« on: November 10, 2021, 03:04:48 AM »
Nov 10 03:38:39 host lfd[14554]: daemon stopped
Nov 10 03:40:58 host lfd[15735]: daemon started on xxx.xxxx.tdl v14.12 (CentOS Web Panel)
Nov 10 03:40:58 host lfd[15735]: LF_APACHE_ERRPORT: Set to [2]
Nov 10 03:40:58 host lfd[15735]: Main Process: syntax error at /usr/local/csf/bin/regex.custom.pm line 8, near ") und "
syntax error at /usr/local/csf/bin/regex.custom.pm line 8, near "}) "
syntax error at /usr/local/csf/bin/regex.custom.pm line 15, near "}"
Compilation failed in require at /usr/local/csf/lib/ConfigServer/RegexMain.pm line 73.


Next shit: after everything was set up again and the server ran for 12 hours without making any great changes, the firewall shows that it no longer runs from one minute to the other! Restart -
systemctl disable firewalld
systemctl stop firewalld
csf -x

blaa blaaaaaa


here the log:
Code: [Select]
Nov  9 00:00:02 hostname lfd[7914]: Exploit Tracking...
Nov  9 00:00:02 hostname lfd[7914]: Directory Watching...
Nov  9 00:00:02 hostname lfd[7914]: Temp to Perm Block Tracking...
Nov  9 00:00:02 hostname lfd[7914]: Process Tracking...
Nov  9 00:00:02 hostname lfd[7914]: Account Tracking...
Nov  9 00:00:02 hostname lfd[7914]: SSH Tracking...
Nov  9 00:00:02 hostname lfd[7914]: Webmin Tracking...
Nov  9 00:00:02 hostname lfd[7914]: SU Tracking...
Nov  9 00:00:02 hostname lfd[7914]: Console Tracking...
Nov  9 00:00:02 hostname lfd[7914]: RESTRICT_SYSLOG: Unix socket permissions reapplied. Reopening log files...
Nov  9 00:00:02 hostname lfd[7914]: Watching /var/log/maillog...
Nov  9 00:00:02 hostname lfd[7914]: Watching /var/log/messages...
Nov  9 00:00:02 hostname lfd[7914]: Watching /var/log/secure...
Nov  9 00:00:02 hostname lfd[7914]: Watching /var/log/customlog...
Nov  9 00:00:02 hostname lfd[7914]: Watching /var/log/dovecot-info.log...
Nov  9 00:00:02 hostname lfd[7914]: Watching /usr/local/apache/logs/error_log...
Nov  9 00:00:02 hostname lfd[7914]: Watching /var/log/cwp_client_login.log...
Nov  9 00:00:02 hostname lfd[7981]: *User Processing* PID:22469 Kill:0 User:memcached Time:8831 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 00:00:02 hostname lfd[7981]: *User Processing* PID:16158 Kill:0 User:redis Time:9808 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 00:48:01 hostname lfd[11427]: (smtpauth) Failed SMTP AUTH login from 114.99.15.194 (CN/China/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SMTPAUTH]
Nov  9 01:00:07 hostname lfd[12400]: *User Processing* PID:22469 Kill:0 User:memcached Time:12435 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 01:00:07 hostname lfd[12400]: *User Processing* PID:16158 Kill:0 User:redis Time:13413 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 02:00:11 hostname lfd[16829]: *User Processing* PID:22469 Kill:0 User:memcached Time:16040 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 02:00:11 hostname lfd[16829]: *User Processing* PID:16158 Kill:0 User:redis Time:17017 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 03:00:15 hostname lfd[21253]: *User Processing* PID:22469 Kill:0 User:memcached Time:19644 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 03:00:15 hostname lfd[21253]: *User Processing* PID:16158 Kill:0 User:redis Time:20621 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 04:00:19 hostname lfd[19483]: *User Processing* PID:22469 Kill:0 User:memcached Time:23248 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 04:00:19 hostname lfd[19483]: *User Processing* PID:16158 Kill:0 User:redis Time:24225 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 05:00:23 hostname lfd[24012]: *User Processing* PID:22469 Kill:0 User:memcached Time:26852 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 05:00:23 hostname lfd[24012]: *User Processing* PID:16158 Kill:0 User:redis Time:27829 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 06:00:27 hostname lfd[28539]: *User Processing* PID:22469 Kill:0 User:memcached Time:30456 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 06:00:27 hostname lfd[28539]: *User Processing* PID:16158 Kill:0 User:redis Time:31433 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 07:00:31 hostname lfd[466]: *User Processing* PID:22469 Kill:0 User:memcached Time:34060 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 07:00:31 hostname lfd[466]: *User Processing* PID:16158 Kill:0 User:redis Time:35037 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 08:00:36 hostname lfd[4901]: *User Processing* PID:22469 Kill:0 User:memcached Time:37664 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 08:00:36 hostname lfd[4901]: *User Processing* PID:16158 Kill:0 User:redis Time:38642 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 09:00:40 hostname lfd[9378]: *User Processing* PID:22469 Kill:0 User:memcached Time:41269 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 09:00:40 hostname lfd[9378]: *User Processing* PID:16158 Kill:0 User:redis Time:42246 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 09:12:00 hostname lfd[10993]: *SSH login* from IP188.xxx.xxx.xx into the root account using publickey authentication
Nov  9 09:32:32 hostname lfd[7914]: csf (re)start requested - running *csf startup*...
Nov  9 09:32:32 hostname lfd[7914]: csf (re)start completed
Nov  9 09:35:18 hostname lfd[7914]: csf (re)start requested - running *csf startup*...
Nov  9 09:35:18 hostname lfd[7914]: csf (re)start completed
Nov  9 09:48:55 hostname lfd[7914]: Main Process: TERM
Nov  9 09:48:55 hostname lfd[7914]: daemon stopped
Nov  9 09:48:55 hostname lfd[13636]: daemon started on hostname.domainnam.tld - csf v14.12 (CentOS Web Panel)
Nov  9 09:48:55 hostname lfd[13636]: LF_APACHE_ERRPORT: Set to [2]
Nov  9 09:48:55 hostname lfd[13636]: Restricting syslog/rsyslog socket acccess to group [mysyslog]...
Nov  9 09:48:55 hostname lfd[13636]: CSF Tracking...
Nov  9 09:48:55 hostname lfd[13636]: IPv6 Enabled...
Nov  9 09:48:55 hostname lfd[13636]: LOAD Tracking...
Nov  9 09:48:55 hostname lfd[13636]: Country Code Lookups...
Nov  9 09:48:55 hostname lfd[13636]: System Integrity Tracking...
Nov  9 09:48:55 hostname lfd[13636]: Exploit Tracking...
Nov  9 09:48:55 hostname lfd[13636]: Directory Watching...
Nov  9 09:48:55 hostname lfd[13636]: Temp to Perm Block Tracking...
Nov  9 09:48:55 hostname lfd[13636]: Process Tracking...
Nov  9 09:48:55 hostname lfd[13636]: Account Tracking...
Nov  9 09:48:55 hostname lfd[13636]: SSH Tracking...
Nov  9 09:48:55 hostname lfd[13636]: Webmin Tracking...
Nov  9 09:48:55 hostname lfd[13636]: SU Tracking...
Nov  9 09:48:55 hostname lfd[13636]: Console Tracking...
Nov  9 09:48:55 hostname lfd[13636]: Watching /var/log/messages...
Nov  9 09:48:55 hostname lfd[13636]: Watching /var/log/secure...
Nov  9 09:48:55 hostname lfd[13636]: Watching /usr/local/apache/domlogs/178.xxx.xxx.xxx.log...
Nov  9 09:48:55 hostname lfd[13636]: Watching /usr/local/apache/domlogs/hostname.domainnam.tld.error.log...
Nov  9 09:48:55 hostname lfd[13636]: Watching /var/log/customlog...
Nov  9 09:48:55 hostname lfd[13636]: Watching /usr/local/apache/domlogs/178.xxx.xxx.xxx.error.log...
Nov  9 09:48:55 hostname lfd[13636]: Watching /usr/local/apache/domlogs/hostname.domainnam.tld.log...
Nov  9 09:48:55 hostname lfd[13636]: Watching /var/log/maillog...
Nov  9 09:48:55 hostname lfd[13636]: Watching /usr/local/apache/logs/error_log...
Nov  9 09:48:55 hostname lfd[13636]: Watching /var/log/dovecot-info.log...
Nov  9 09:48:55 hostname lfd[13636]: Watching /var/log/cwp_client_login.log...
Nov  9 09:48:55 hostname lfd[13667]: *User Processing* PID:16158 Kill:0 User:redis Time:45141 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 09:57:46 hostname lfd[16500]: *SSH login* from IP188.xxx.xxx.xx into the root account using publickey authentication
Nov  9 09:59:36 hostname lfd[16909]: Directory Watching terminated after 40 seconds
Nov  9 09:59:36 hostname lfd[16909]: LF_DIRWATCH taking 40 seconds, temporarily throttled to run every 900 seconds
Nov  9 10:05:56 hostname lfd[22932]: *User Processing* PID:30715 Kill:0 User:memcached Time:1815 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 10:15:37 hostname lfd[8111]: Directory Watching terminated after 100 seconds
Nov  9 10:15:37 hostname lfd[8111]: LF_DIRWATCH taking 100 seconds, temporarily throttled to run every 2700 seconds
Nov  9 10:37:59 hostname lfd[9614]: *User Processing* PID:32494 Kill:0 User:memcached Time:1835 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 10:49:00 hostname lfd[10471]: *User Processing* PID:16158 Kill:0 User:redis Time:48746 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 11:03:36 hostname lfd[11668]: *SSH login* from IP188.xxx.xxx.xx into the root account using publickey authentication
Nov  9 11:03:40 hostname lfd[11086]: Directory Watching terminated after 280 seconds
Nov  9 11:03:40 hostname lfd[11086]: LF_DIRWATCH taking 280 seconds, temporarily throttled to run every 8100 seconds
Nov  9 11:07:01 hostname lfd[12958]: *SSH login* from IP188.xxx.xxx.xx into the root account using publickey authentication
Nov  9 11:20:22 hostname lfd[14716]: *SSH login* from IP188.xxx.xxx.xx into the root account using publickey authentication
Nov  9 11:38:04 hostname lfd[16772]: *User Processing* PID:32494 Kill:0 User:memcached Time:5440 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 11:49:05 hostname lfd[19115]: *User Processing* PID:16158 Kill:0 User:redis Time:52351 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 12:38:14 hostname lfd[6187]: *User Processing* PID:32494 Kill:0 User:memcached Time:9201 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 12:49:15 hostname lfd[10472]: *User Processing* PID:16158 Kill:0 User:redis Time:56112 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 13:27:43 hostname lfd[32719]: Directory Watching terminated after 820 seconds
Nov  9 13:27:43 hostname lfd[32719]: LF_DIRWATCH taking 820 seconds, temporarily throttled to run every 24300 seconds
Nov  9 13:38:20 hostname lfd[2261]: *User Processing* PID:32494 Kill:0 User:memcached Time:12807 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 13:49:21 hostname lfd[3132]: *User Processing* PID:16158 Kill:0 User:redis Time:59717 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 14:38:25 hostname lfd[7072]: *User Processing* PID:32494 Kill:0 User:memcached Time:16412 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 14:49:26 hostname lfd[7933]: *User Processing* PID:16158 Kill:0 User:redis Time:63322 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 15:38:30 hostname lfd[11898]: *User Processing* PID:32494 Kill:0 User:memcached Time:20017 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 15:49:31 hostname lfd[12756]: *User Processing* PID:16158 Kill:0 User:redis Time:66927 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 16:38:35 hostname lfd[16709]: *User Processing* PID:32494 Kill:0 User:memcached Time:23622 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 16:49:36 hostname lfd[17562]: *User Processing* PID:16158 Kill:0 User:redis Time:70532 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 17:38:40 hostname lfd[22188]: *User Processing* PID:32494 Kill:0 User:memcached Time:27227 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 17:49:42 hostname lfd[23915]: *User Processing* PID:16158 Kill:0 User:redis Time:74138 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 18:38:46 hostname lfd[28254]: *User Processing* PID:32494 Kill:0 User:memcached Time:30834 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 18:47:27 hostname lfd[17892]: *SSH login* from IP188.xxx.xxx.xx into the root account using publickey authentication
Nov  9 18:49:47 hostname lfd[18215]: *User Processing* PID:16158 Kill:0 User:redis Time:77744 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 19:38:51 hostname lfd[22564]: *User Processing* PID:32494 Kill:0 User:memcached Time:34439 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 19:49:52 hostname lfd[23480]: *User Processing* PID:16158 Kill:0 User:redis Time:81349 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 20:38:56 hostname lfd[27613]: *User Processing* PID:32494 Kill:0 User:memcached Time:38044 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 20:39:48 hostname lfd[24278]: Directory Watching terminated after 2440 seconds
Nov  9 20:39:48 hostname lfd[24278]: LF_DIRWATCH taking 2440 seconds, temporarily throttled to run every 72900 seconds
Nov  9 20:49:57 hostname lfd[28541]: *User Processing* PID:16158 Kill:0 User:redis Time:84954 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 21:39:02 hostname lfd[32716]: *User Processing* PID:32494 Kill:0 User:memcached Time:41649 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 21:50:02 hostname lfd[1312]: *User Processing* PID:16158 Kill:0 User:redis Time:88559 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 22:39:07 hostname lfd[5455]: *User Processing* PID:32494 Kill:0 User:memcached Time:45254 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 22:50:08 hostname lfd[6447]: *User Processing* PID:16158 Kill:0 User:redis Time:92164 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov  9 23:39:12 hostname lfd[10542]: *User Processing* PID:32494 Kill:0 User:memcached Time:48859 EXE:/usr/bin/memcached CMD:/usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024
Nov  9 23:50:13 hostname lfd[11543]: *User Processing* PID:16158 Kill:0 User:redis Time:95769 EXE:/usr/bin/redis-server CMD:/usr/bin/redis-server 127.0.0.1:6379
Nov 10 00:00:02 hostname lfd[13636]: Main Process: TERM
Nov 10 00:00:02 hostname lfd[13636]: daemon stopped
Nov 10 00:00:02 hostname lfd[12479]: daemon started on hostname.domainnam.tld - csf v14.12 (CentOS Web Panel)
Nov 10 00:00:02 hostname lfd[12479]: LF_APACHE_ERRPORT: Set to [2]
Nov 10 00:00:02 hostname lfd[12479]: Main Process: syntax error at /usr/local/csf/bin/regex.custom.pm line 8, near ") und "
syntax error at /usr/local/csf/bin/regex.custom.pm line 8, near "}) "
syntax error at /usr/local/csf/bin/regex.custom.pm line 15, near "}"
Compilation failed in require at /usr/local/csf/lib/ConfigServer/RegexMain.pm line 73.

..................................

Nov 10 03:38:39 hostname lfd[14554]: daemon stopped
Nov 10 03:40:58 hostname lfd[15735]: daemon started on hostname.domainnam.tld - csf v14.12 (CentOS Web Panel)
Nov 10 03:40:58 hostname lfd[15735]: LF_APACHE_ERRPORT: Set to [2]
Nov 10 03:40:58 hostname lfd[15735]: Main Process: syntax error at /usr/local/csf/bin/regex.custom.pm line 8, near ") und "
syntax error at /usr/local/csf/bin/regex.custom.pm line 8, near "}) "
syntax error at /usr/local/csf/bin/regex.custom.pm line 15, near "}"
Compilation failed in require at /usr/local/csf/lib/ConfigServer/RegexMain.pm line 73.

Nov 10 03:40:58 hostname lfd[15735]: daemon stopped
After the restart the server was down and now no more access possible !!!!

So folks, the whole shit is getting on my nerves now and if you don't get a grip on it, I'm pulling all of my customers off of CWP. These are pay customers. The advertising in other forums for you should then be really negative !!!!!!!!!!

Offline
*
Re: CWP Pro LFD= daemon stopped
« Reply #1 on: November 10, 2021, 10:08:10 AM »

Try to run this:
Code: [Select]
/scripts/cwp_bruteforce_protection

if doesn't help then contact cwp support, this issue looks interesting
https://control-webpanel.com/contact
« Last Edit: November 10, 2021, 10:11:43 AM by studio4host »
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.