How can I show a message to users blocked by the login failure daemon?

Messenger Service

The messenger service can display a message to a blocked connecting IP address to inform the user that they are blocked by the firewall. The service is provided by two daemons running on ports providing either an HTML or TEXT message. The iptables module ipt_REDIRECT is required.

To enable the messenger service

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service.
  2. Check the Messenger service checkbox.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

To customize the messenger service message

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service -> Messenger Templates
  2. Select the template you want to edit.
  3. Click the Update button to save your settings.

Messenger V3 Service (optional)

The messenger V3 service was added in Juggernaut 3.0 and uses Apache to provide the web server functionality for the messenger services. It uses a fraction of the resources that the LFD inbuilt service uses and overcomes the memory overhead of using the messenger HTTPS service. This option is recommended for advanced users who host a lot of domains as it provides better PCI compliance, multi-language support, and uses less resources.

  1. The messenger V3 uses the PHP on the server so the OS PHP and fast-cgi packages have to be installed.
  2. Messenger V3 templates are located in the /home/csf/ directory.
  3. The PHP files in /home/csf/public_html are subject to any modsecurity rules that you may be using.

To enable the messenger v3 service

  1. Navigate to Juggernaut Firewall -> Settings -> Login Failure Daemon -> Messenger Service.
  2. Check the Messenger V3 checkbox.
  3. Click the Update button to save your settings.
  4. Click the Restart button to restart the firewall and login failure daemon.

Messenger V3

Messenger V3 Settings

The items below are the recommended config defaults in /etc/csf/csf.conf for the messenger v3 service:

Centos/RHEL/AlmaLinux

MESSENGERV3LOCATION = "/etc/httpd/conf.d/"
MESSENGERV3RESTART = "systemctl restart httpd"
MESSENGERV3TEST = "/usr/sbin/apachectl -t"
MESSENGERV3HTTPS_CONF = "/etc/httpd/conf/httpd.conf"
MESSENGERV3WEBSERVER = "apache"
MESSENGERV3PERMS = "711"
MESSENGERV3GROUP = "apache"
MESSENGERV3PHPHANDLER = "Include /etc/csf/csf_php.conf"

Debian/Ubuntu

MESSENGERV3LOCATION = "/etc/apache2/conf-enabled/"
MESSENGERV3RESTART = "systemctl restart apache2"
MESSENGERV3TEST = "/usr/sbin/apachectl -t"
MESSENGERV3HTTPS_CONF = "/etc/apache2/apache2.conf"
MESSENGERV3WEBSERVER = "apache"
MESSENGERV3PERMS = "711"
MESSENGERV3GROUP = "www-data"
MESSENGERV3PHPHANDLER = "Include /etc/csf/csf_php.conf"

Modsecurity Exceptions

If you find that you have modsecurity rules that are blocking the messenger v3 service you could disable the specific rules for for the /home/csf/public_html directory only. For example add the file /etc/httpd/conf.d/messengerv3.conf on Centos/RHEL/AlmaLinux or /etc/apache2/conf-enabled/messengerv3.conf on Debian/Ubuntu then restart the Apache web server:

<IfModule mod_security2.c>
    <Directory /home/csf/public_html>
        SecRuleRemoveById 942200 942260 950100
    </Directory>
</ifModule>
  • messenger
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Can I use Juggernaut Firewall to block Wordpress bruteforce attacks?

Yes we support blocking attacks like these very easily. See the howto for how to enable a custom...

How can I raise the open file limit for the login failure daemon?

The login failure daemon can crash if you are monitoring a lot of domains in Plesk and are...

How can I test to make sure that the OS has all the required kernel modules required for Juggernaut Firewall?

Test from the Juggernaut Extension You can run the firewall test by going to Juggernaut Firewall...

How can I only allow SSH from my IP address and block it on the firewall for everyone else?

First make sure that your IP address is whitelisted on the firewall so you do not accidentally...

How can I adjust the attack triggers used by the login failure daemon?

To Adjust Login Failure Triggers Navigate to Juggernaut Firewall -> Settings -> Login...