The LFD, also known as the Login Failure Daemon, is an application for Linux servers. It checks logs for failed login attempts and, if it finds too many failed attempts from the same place, emails the server administrator.
These emails can be useful for spotting security problems, but they can also be too many, filling up your inbox with unimportant messages. Luckily, cPanel makes it easy to stop these emails, so you get fewer messages but still keep your server safe.
We'll guide you through turning off LFD email alerts in cPanel, step by step.
What is LFD (Login Failure Daemon)?
LFD is a program that runs all the time, checking every login attempt on your server. It looks at log files and stops any attempts that fail after a short time. These are often called "Brute-Force Attacks." LFD reacts quickly to these patterns and blocks any suspicious IP addresses.
Keeping LFD enabled is important to protect your server and users from security threats.
How does it work?
LFD checks server logs and sends notifications if certain processes use too much memory or take too long, as set in your CSF configuration file. It sees recent failed login attempts as "Brute Force Attacks" and blocks the IPs using CSF, a firewall configuration script commonly used in cPanel.
CSF helps enhance server security by managing the firewall easily and in advance. It allows you to block public access to services and only allow specific connections.
How to Turn Off LFD Email Alerts?
There are two main ways to stop getting LFD Email alerts in cPanel. You can do it through the WHM panel or SSH. Here's how to do both:
Steps to Turn Off all LFD Email Alerts from the WHM Panel
Step 1: Log in to WHM.
Step 2: Go to "ConfigServer Security & Firewall" under the "Plugin" section.
Step 3: Click on "Firewall Configuration" to edit the CSF configuration file.
Step 4: Find "LF_EMAIL_ALERT" in the configuration file and change it from "On" to "Off."
Step 5: Click "Change" to save the changes.
Step 6: Restart both csf and lfd services to apply the changes by clicking on "Restart csf+lfd."
Steps to Turn Off LFD Email Alerts from SSH
Step 1: Log in to the server via SSH.
Step 2: Open the csf configuration file and find LF_PERMBLOCK_ALERT. Set its value to 0.
# vi /etc/csf/csf.conf
LF_EMAIL_ALERT =0
Step 3: Restart both csf and lfd services to activate the changes.
# service csf restart
# service lfd restart
Important Note
You don't have to turn off all alerts. Instead, you can disable specific alerts inside the CSF configuration file (/etc/csf/csf.conf). Maybe there are alerts you're not interested in or find bothersome. Sometimes, you can keep those alerts but change when they trigger.
For example, if you get alerts about high memory usage that used to be normal, you can adjust the memory threshold in the configuration file. When deciding which alerts to disable, be honest about which ones you're willing to read. You don't want to get so used to ignoring alerts that you miss important ones.
Conclusion
Disabling LFD email alerts in cPanel can reduce unnecessary emails while still keeping your server secure. Follow the steps in this tutorial to turn off these alerts and adjust your server's security settings to fit your needs.
Remember to regularly check your server's logs for any unusual activity, even if you disable some alerts. Staying vigilant and taking proactive security measures will help keep your website and server safe and stable.