Advice on AlmaLinux 10: fail2ban instead of discontinued CSF?

[DrWizzle]

Yeah, when customers say 'use this', you use this. End of discussion. The old statement 'The customer is always right' is key here. While it's not always true, when it comes to their preference it is.

You may have a point. Thousands upon thousands love and trust DA as their panel of choice. You're also entitled to your view.

Were it me? I wouldn't touch DA with a 10 foot pole any more. This is exactly why. Their product quite literally bails on install because of pathetically poor design. When queried why, the logs show zip. No actual information.

Like I said, nobody is holding you ransom.

I have. Fix the product so that it is up to date. It is not

Only complaints I see on here seem to relate to Alma 10. Alma 10 iirc, is quite a new release and as such, some software may need updating to work with it. Any reason why you can't use 8 or 9 whilst issues with 10 get ironed out? Just a suggestion.

if you cannot handle negative feedback, that's on you. That's not me being rude, that's literally me providing accurate, negative feedback

I can handle negative feedback fine. There's negative feedback and there's going on the offensive and being rude. You seem to like old quotes, so here's another one for you: "You catch more flies with honey, than you do with vinegar"

Good for you. Welcome to 2010. You go ahead and enjoy your EOL, legacy product that will eventually fade into nothing because the developer abandoned it long ago. Meanwhile, the real world is calling for a real solution that actually works without relying on legacy hooks and garbage

Thank you. See, wasn't that hard making a nice comment was it? Gotta dash, just updating to XP SP3 on dial up.

Have a great day my friend

 

[Richard G]

You can keep lying about it all you want but that doesn't change the fact that it does not work as designed.

You can keep lying about that it doesn't work all you want, nobody will believe you without any proof.
So you can keep whining, but you were asked several times to proof your point, which you still haven't because you can't.
Seems you have been a sleep too. There have been lots changes from 2010 at least to 2022 with CSF, they even beat the "competition" around 2015.

If you want people to take you seriously, then put some arguments to your statements instead of just making useless statements, because in that case you're just as the lot we already have had on the forums which only come here to whine if something goes wrong and they are irritated about it and then blaming DA while they are the only one having the isssue.
We're laughing our asses of in the meatime with these kind of persons. So if you don't want to be put in that group, start making some proof with your statements instead of just keep complaining about the same without proof.

 

[johannes]

Gotta dash, just updating to XP SP3 on dial up.

Whats wrong with XP SP3? My installation is running since 2008, repaired it 3-4 times because of HD crashes, but its still working fine for me. Yes, on my main PC. (No dial up, sure, cable). Lot of small proggies were free, where I would have to pay a lot of money to get them back on Win10/11.

 

[DrWizzle]

Whats wrong with XP SP3? My installation is running since 2008, repaired it 3-4 times because of HD crashes, but its still working fine for me. Yes, on my main PC. (No dial up, sure, cable). Lot of small proggies were free, where I would have to pay a lot of money to get them back on Win10/11.

I don't use it anymore myself buddy, and kudos to you for using it for so long! Absolutely nothing wrong with XP, and to be fair I think it was one of the best versions ever.

 

[twhiting9275]

I can handle negative feedback fine. There's negative feedback and there's going on the offensive and being rude.

Which is exactly what you lot have done since someone bothered to point out that your precious software doesn't work right

Just because it works for you does not mean 'it works'. It does not follow the industry standard. It has not been updated properly to do so in years. This is NOT the first time I've seen this type of an issue with CSF/LFD. It's woefully behind and is abandonware.

 

[DrWizzle]

Which is exactly what you lot have done since someone bothered to point out that your precious software doesn't work right

Yes, you did point that out and the forum responded

Just because it works for you does not mean 'it works'. It does not follow the industry standard. It has not been updated properly to do so in years.

It isn't my precious software, but it works for me as my version of Ubuntu is supported. That's my choice of operating system on my servers. If I upgrade to 25.04 I may have issues, so I won't be upgrading until I know it's safe to do so. The same with yourself, you state it doesn't work with Alma 10. As I pointed out earlier, That is a newer version of that flavour of Linux and as such may have deprecated or removed dependencies that CSF needs to run. I understand it works fine with lower versions of Alma (Not tested by myself). Alma 10 is your choice.

This is NOT the first time I've seen this type of an issue with CSF/LFD. It's woefully behind and is abandonware.

So be the change you want to see. I'm sure there are other solutions out there for protecting your servers and customers. Alternatively, it is GPL and the source is out there. If you really want it, fork it and update it to your specifications. I'm sure DA are working behind the scenes to implement CSF on as many platforms as they can but that takes time.

 

[Richard G]

It has not been updated properly to do so in years.

You were the one being rude. And again... where is the proof here? And why didn't you complaint abou tthis years ago with CSF itself then?
Again, whining whining whining without any kind of proof or good argument and now also insulting us.
Says more of you than about us.

Just because it works for you does not mean 'it works'.

Also, if it only does not work for you doesn't mean it does not work.

PS... nothing updated for years.... some limited proof:

ChangeLog:

14.24 - Fixed regression bug in v14.23 "Modified UI HTTP header checks to be
        case agnostic"

14.23 - Modified Apache regexes to detect "remote" or "client" as the IP trigger
        Mdified UI HTTP header checks to be case agnostic

        Sanitise CC list strings

14.22 - Removed session IP match check from DA login

        Added example spamassassin temp file regex to csf.fignore for
        new installations

14.21 - Modified IP lookup to strip some missed quotes

        Added exe:/usr/bin/dbus-broker-launch and exe:/usr/bin/dbus-broker to
        csf.pignore for new installations

        Added check to ensure that only PUBLIC IP addresses are used when
        loading IPv4 CC zone files

        Fixed issue when converting embedded IPv4 addresses in IPv6 connections

14.20 - Modified MaxMind URLs to use https

        Fixed DOCTYPE print order for integrated UI login

        Added "Require all granted" to Messenger v3 .htaccess generation

        Normalise source IP during connection tracking for IPv6 comparisons

        Fixed regression for some IMAP logon failure detections

14.19 - Switch to using iptables-nft if it exists in /usr/sbin/iptables-nft

        Added IO::Handle::clearerr() call before reading data from a log file

        Added "Require all granted" to the MESSENGER .htaccess file

        Added UID/GID rules to IPv6 if enabled

        Modified dovecot regex to look for "failed: Connection reset by peer"

14.18 - Added port 853 for DoT to all new installs

        Added exe wpt-panopticon on cPanel servers to csf.pignore

        Updated list of EOL PHP versions

        Modified HTACCESS regex to include "remote" as well as "client" log
        lines

        Implemented DA POST workaround for saving large text files via the UI

        Modified MESSENGER to only send unblock email if a valid IP is
        requested

        Modified DA server check to look for multiple php versions in
        /usr/local/php*

Still waiting for proof of your statements.