All about CSF Messenger Service

All about CSF Messenger Service

Consider you have a server with client sites on it and having CSF firewall to protect against various attacks. There is more chance your clients will get blocked by the server CSF firewall for various reasons such as failed control panel or email login attempts or by any ModSecurity rule being constantly triggered. In such situation, the user will lose full access to the server and they may start worrying or will email us as their website/server is down for some reason and may get angry without knowing exactly what happens there. To reduce these kinds of situation, the CSF itself has a messenger feature through which if one IP gets blocked for some reasons then the CSF will show a web page as the connection blocked towards the server. This can be altered to allow the clients to unban the IP address themselves using a reCAPTCHA submit button if needed. Here I will explain on how we can enable this feature on a cPanel/non-cPanel server.

I hope you already have CSF installed, if not install CSF firewall by following our article here for better protection: https://www.1onlyhost.net/tips/kb/csf-installation-basic-configuration/

For cPanel server, you can manage the same through WHM interface and for others, you will need to log in as root via SSH and perform the following steps.

1) Open CSF configuration file at /etc/csf/csf.conf using your favorite terminal text editor or via WHM interface > ConfigServer Security Firewall > Firewall Configuration > select ‘Messenger service’ from the drop-down menu and alter the value as follows.

# vi /etc/csf/csf.conf

MESSENGER = “1”

2) If you wish to add unban option for the client themselves, then you may need to create ReCaptcha keys first by going to https://www.google.com/recaptcha/intro/index.html where make sure to uncheck the option ‘Domain Name Validation’ there. Once you have created the ReCaptcha, enter the site key and secure key in below section on CSF configuration to have it implemented.

RECAPTCHA_SITEKEY = “add the site key here”

RECAPTCHA_SECRET = “add secure key here”

3) Create a user for CSF messenger service with no login or shell access, here we named it ‘csf’.

# useradd csf -s /bin/false

4) Restart both CSF and LFD services on the server and you are done with the setup.

# service csf status

# service lfd status

You can also customize the blocked page as your wish. For this, you will need to alter the index.html (for standard block page) and or index.recaptcha.html (for reCaptcha block page) located at /etc/csf/messenger folder. Make sure to restart the LFD/CSF service each time you perform any alteration on these files, otherwise, it will not reflect as you expect.

If you require any assistance in setting up this feature, please feel free to contact our support department.