My Account | Help | Blog
You are here: Home / News / Webuzo / Fixing SSH and Webuzo Access After Enabling CSF

Fixing SSH and Webuzo Access After Enabling CSF

Webuzo 0 2 days ago

If you’ve recently enabled CSF (ConfigServer Security & Firewall) and suddenly lost access to SSH or the Webuzo panel, you’re not alone. CSF is a powerful firewall — but if not configured properly, it can unintentionally block critical ports including SSH and Webuzo admin access.

In this guide, we’ll show you how to fix this and prevent it from happening again.

🔐 Why This Happens

CSF, by default, only allows common ports like 22, 80, and 443. If you’re using:

  • A custom SSH port
  • Webuzo’s panel ports: 2002, 2003, 2005
  • Or other services not pre-listed in CSF

…you’ll get blocked from remote access as soon as CSF activates.

✅ How to Fix It

🔹 Step 1: Access the Server (via Console)

If you’ve lost SSH access, log in using your VPS provider’s emergency or rescue console. This is typically found in your provider’s dashboard.

Once inside, disable CSF temporarily:

csf -x

🔹 Step 2: Open the Required Ports

Edit the CSF configuration:

nano /etc/csf/csf.conf

Update the following entries:

TCP_IN = "20,21,22,80,443,2002,2003,2005,custom_ssh_port"
TCP_OUT = "20,21,22,80,443,2002,2003,2005,custom_ssh_port"

👉 Replace custom_ssh_port with your actual SSH port number.

🔹 Step 3: Whitelist Your IP (Recommended)

Add your IP to CSF allow list:

csf -a your.public.ip.address

This ensures your IP won’t get blocked automatically.

🔹 Step 4: Re-enable CSF

csf -r

Then test access to:

  • Your SSH port (e.g., ssh -p PORT user@your-server)
  • Webuzo Panel:
    • http://your-server-ip:2002
    • https://your-server-ip:2003
    • https://your-server-ip:2005 (admin functions)

🧪 Optional: Set Testing Mode to Off

If you had CSF in testing mode:

nano /etc/csf/csf.conf

Set:

iniCopyEditTESTING = "0"

Then restart CSF:

csf -r
or
csf -e

🛡️ Bonus Tips for CSF and Webuzo

  • Use persistent IP whitelisting in /etc/csf/csf.allow
  • ✅ Review the CSF deny logs: /var/log/lfd.log
  • ✅ Monitor blocked ports using netstat -tulnp | grep <port>

🚀 Need Help With CWP, Webuzo, or Server Security?

Running a high-traffic site or managing clients?

👉 Get high-performance, firewall-optimized VPS from Servers9
Includes optional CSF, ModSecurity, Imunify, and more — preconfigured by our experts.