Hi, I've noticed that some SKY IP ranges are not being correctly identified by the CC checking. On one server we have GB ignored, but I keep seeing LFD blocking them.
Time: Thu Feb 27 22:30:36 2014 +0000
IP: 5.65.121.x (GB/United Kingdom/xxx.skybroadband.com)
Failures: x (smtpauth)
Interval: x
Blocked: Temporary Block
If the country is being correctly identified via the geoip lookup - why is...
In three installations of VPS with CentOS 6, I have configured csf to exchange information. All the cluster commands work perfectly except the remove command.
My own ip got blocked. During the trial to identify, the C Block of my provider got blocked.
I was logged in Webmin in all servers. I have issued cluster remove ip address.
I think I am looking at a solution for this... kind of backward, but is there a way to tell CSF to only let IP addresses from USA log into WHM, cPanel, Email etc??
I really need to read up on CSF and understand it, but I am trying to calm a company down who is worried about the number of attempts they have had with people trying to log into their site.
I'm just using the new option for using wildcards in logs as follows:
HTACCESS_LOG = /var/log/httpd/error_log /var/log/httpd/domains/*.error.log
Now we have a regexp.custom.pm like this:
if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\ \ \ My protection (.*) banned IP: (\S+)/)) {
return ("Mytrap triggered",$1,"bottrap",1,"80,443","3600");
}
Probably something simple that I missed here, but I'd love some insight.
I changed the default FTP port on my host, and notified my members of the change. For the sake of conversation, I'll say I changed it to 888. I'm running Pure-FTPD, and changed the bind port in pure-ftpd.conf.
I can FTP right in because my client is in the allow file, but nobody else can. I added the new port to csf.conf...
I have noticed my log files are filling up with wp-login.php attacks. My WordPress site itself is secured with a 2 second login-delay along with two separate captchas (yes, it's overkill, but it helps me sleep at night).
However, there are thousands and thousands of attacks, most taking place between 4 and 6am (Eastern Standard Time).
I write this post because I have a problem I cannot solve despite having made the changes proposed in many other posts on the forum.
My server is set up to work in pure-ftpd.
Some users are blocked by the firewall, some are not.
The changes that I have made I have taken from this post:
viewtopic.php?f=6&t=4091&hilit=ftp+connection+tracking
Does anyone have the same problem or has found a way to...
Hello, on my server I changed the SSH port from 22 to 4176.
I also opened this port in tcp_in and tcp_out and deleted 22.
I can log in to SSH. I also tried from another IP to be blocked or alerted.
Nothing happened.
This IP is not listed in the allow IPs,
nor in deny.
So what can I do to be informed or even alerted whenever someone tries to log in on this port?
Hi.
I have many blocked IPs in csf with a "do not delete" comment. But every day I get notifications from the server about new brute force attacks via some of these IPs.
What's the problem?
Could you please recommend how to make LFD watch one of the IPs that is on my interface (local).
I use Squid to connect to my proxy server. When I try to log in to Webmin and fail on purpose (to check), LFD does nothing? From other IPs it works fine!
I can't believe that I am writing about this matter again! I don't know if it's a bug or it's me (most likely) but this time it doesn't seem that obvious!
I have to detect failed logins to my XMPP server (Prosody). The log line (with spaces as it is):
Feb 19 15:02:04 domain.ru:log_auth warn Failed authentication attempt (not-authorized) from IP: 1.2.3.4