
Boone Putney


Disabling LFD Notifications in WHM

When administering a server, I prefer to focus on meaningful log messages. If too many alerts come through, the important ones get lost in the noise. One of our servers was sending a high volume of lfd permanent-block notifications, emails similar to this:

Subject: lfd on host.thegillagency.com: blocked 190.179.171.170 (AR/Argentina/190-179-171-170.speedy.com.ar)

Time:     Tue Jan 10 15:50:12 2017 -0500
IP:       190.179.171.170 (AR/Argentina/190-179-171-170.speedy.com.ar)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Permanent Block

Log entries:

Jan 10 15:49:55 host sshd[2159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.179.171.170  user=root
Jan 10 15:49:57 host sshd[2159]: Failed password for root from 190.179.171.170 port 48435 ssh2
Jan 10 15:49:59 host sshd[2159]: Failed password for root from 190.179.171.170 port 48435 ssh2
Jan 10 15:50:01 host sshd[2159]: Failed password for root from 190.179.171.170 port 48435 ssh2
Jan 10 15:50:10 host sshd[2178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.179.171.170  user=root

Resolution

This is how to disable these messages within WHM/cPanel.

  1. Log in to WHM
  2. Search for or navigate to: Plugins > ConfigServer Security & Firewall
  3. Click on the “ConfigServer Firewall” tab
  4. Click on the “Firewall Configuration” button
  5. Search within the page for “LF_PERMBLOCK_ALERT”
  6. Set it to “Off”
  7. Click “Change” at the bottom of the page
  8. Click “Restart csf+lfd” to restart the services
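
The same change can be made from a root shell. The script below is an added example, not part of the original post. It assumes csf keeps its settings as `KEY = "VALUE"` lines in `/etc/csf/csf.conf` and that the UI's “Off” corresponds to `"0"`; the helper names `csf_get` and `csf_set` are hypothetical.

```shell
#!/bin/sh
# Added example: command-line equivalent of the WHM steps above.
# Assumption: settings are stored as  KEY = "VALUE"  lines in csf.conf.
# Only the alert email is turned off; lfd still applies the permanent block.

# Print the current value of one option from a csf.conf-style file.
csf_get() {
    local conf=$1 key=$2
    sed -n "s/^${key}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$conf" | head -n 1
}

# Set one option in place. Returns 1 if the file is missing or cannot be
# written, 2 if the key is absent.
csf_set() {
    local conf=$1 key=$2 value=$3
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    # Refuse to append unknown keys: a mistyped name would be silently ignored.
    grep -Eq "^${key}[[:space:]]*=" "$conf" || {
        echo "$key not found in $conf" >&2
        return 2
    }
    # Idempotent: leave the file untouched if the value is already set.
    if [ "$(csf_get "$conf" "$key")" = "$value" ]; then
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1      # keep a copy to roll back to
    sed "s/^\(${key}[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"${value}\"/" \
        "$conf.bak" > "$conf.tmp" || return 1
    cat "$conf.tmp" > "$conf" || return 1      # cat preserves owner and mode
    rm -f "$conf.tmp"
    # Verify the edit took effect before reporting success.
    [ "$(csf_get "$conf" "$key")" = "$value" ]
}

# Touch the live configuration only when explicitly asked to (run as root).
if [ "${1:-}" = "--apply" ]; then
    csf_set /etc/csf/csf.conf LF_PERMBLOCK_ALERT 0 && csf -ra   # restart csf+lfd
fi
```

Run it with `--apply` on the server; without that argument it only defines the helpers, so it can be tried against a copy of the configuration first.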