Control Web Panel
WebPanel => How to => Topic started by: DragoCom on July 24, 2025, 04:26:34 AM
-
I am being attacked and my sites are taken down by it (http, nginx, ftp, ssh, etc).
See screenshot for actual vnc view, stuff flying by so fast I can't even see what I am trying to type, it goes away before I am done. Host only told me to rescue disk and either reinstall os (for an attack???SERIOUSLY???) or that my csf firewall is misconfigured and it is over reacting (WTAF???). So what can I do from vnc or rescue disk to stop this? Any help is appreciated.
(https://i.ibb.co/p6c1KJ3D/flood.png) (https://ibb.co/mrkRy6Hs)
-
I can ping your server (85ms), nmap responds in a timely way, CWP test page loads, ssh prompt loads normally. It doesn't feel as though its under duress... Do you want me to take a look? If so, PM current ssh details to me. Maybe you just have CSF/LFD set to print errors to the console (and that can be overwhelming!)
-
To stop the console from getting flooded:
nano /etc/sysctl.conf
Add the line:
kernel.printk = 3 4 1 3Save & Close
Apply without Rebooting
sysctl -p
Or you can temporarily disable it via:
dmesg -n 1
Also maybe have someone who is familar with CSF/LFD take a look at your config.
-
Just created a new KB Article for this subject.
https://starburst.help/security/csf-lfd/how-to-stop-csf-messages-from-flooding-your-console-on-almalinux-8-9-10-rhel-based-operating-systems/ (https://starburst.help/security/csf-lfd/how-to-stop-csf-messages-from-flooding-your-console-on-almalinux-8-9-10-rhel-based-operating-systems/)
Feedback is welcome, sometimes ;)