New csf v2.84 - not adding blocked IP's to deny list?

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.

Post by Metro2 »

I just downloaded / installed New csf v2.84 (released just this morning) and I've noticed something very odd.

Instead of actually putting the IP address of a brute forcer in the Deny list (like it normally would), LFD just keeps sending me alerts every 4 minutes saying it's denying the user, but it never adds their IP to the Deny list and I have to go in and do it manually to stop them.

For example, here are just a few of the many emails I've received during the past hour since I upgraded to 2.84 - notice the time stamps and it's the same IP address over and over:

To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:04:05 -0500

Time: Fri Jul 13 11:04:05 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 80 seconds
Blocked: Yes

Log entries:

Jul 13 11:03:12 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:14 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:16 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:18 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:47 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:48 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:04:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:04:05 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]



To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:08:08 -0500

Time: Fri Jul 13 11:08:08 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 100 seconds
Blocked: Yes

Log entries:

Jul 13 11:06:54 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:32 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:47 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:51 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:53 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:57 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:08:01 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:08:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]



To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:11:13 -0500

Time: Fri Jul 13 11:11:13 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 35 seconds
Blocked: Yes

Log entries:

Jul 13 11:10:38 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:40 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:44 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:46 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:52 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:56 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:11:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:11:10 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]


I received at least 10 more until I went in and did a Quick Deny for 210.112.222.xx and then it stopped.

Could this be a bug? Or did something change in the new CSF that I need to adjust?

Anyone else experiencing this?

Thanks!
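
The symptom reported above (repeated "Blocked: Yes" alerts while the same address keeps failing logins) can be checked mechanically. The following is an added example, not part of the original post and not csf/lfd code: it counts pure-ftpd authentication failures logged after an address's first block alert. The sample data is constructed with documentation-range IPs, and the function names and the `grace_seconds` allowance are assumptions of this sketch.

```python
import re
from datetime import datetime

# Constructed sample data, modelled on the alert and log format quoted in the post.
ALERTS = """\
Time: Fri Jul 13 11:04:05 2007
IP: 203.0.113.7 (Unknown)
Blocked: Yes
Time: Fri Jul 13 11:08:08 2007
IP: 203.0.113.7 (Unknown)
Blocked: Yes
Time: Fri Jul 13 11:09:00 2007
IP: 198.51.100.9 (Unknown)
Blocked: Yes
"""
FTP_LOG = """\
Jul 13 11:03:12 host pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:04:05 host pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:06:54 host pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:08:04 host pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:08:30 host pure-ftpd: (?@198.51.100.9) [WARNING] Authentication failed for user [admin]
"""

FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ pure-ftpd: \(\?@([\d.]+)\) \[WARNING\] Authentication failed")

def first_block_times(alert_text):
    """Map each IP to the time of its earliest 'Blocked: Yes' alert."""
    blocked, when, ip = {}, None, None
    for line in alert_text.splitlines():
        if line.startswith("Time: "):
            when = datetime.strptime(line[6:], "%a %b %d %H:%M:%S %Y")
        elif line.startswith("IP: "):
            ip = line.split()[1]
        elif line.strip() == "Blocked: Yes" and when and ip:
            blocked[ip] = min(when, blocked.get(ip, when))
    return blocked

def failures_after_block(alert_text, log_text, year, grace_seconds=5):
    """Count failures logged more than grace_seconds after the first block alert.
    Syslog lines carry no year, so the caller supplies it."""
    blocked = first_block_times(alert_text)
    leaks = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m.group(2) not in blocked:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if (ts - blocked[m.group(2)]).total_seconds() > grace_seconds:
            leaks[m.group(2)] = leaks.get(m.group(2), 0) + 1
    return leaks
```

A non-empty result means an address was still reaching the FTP daemon after lfd reported it blocked, which is the condition to alert on after an upgrade.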

Post by Metro2 »

Never mind, chirpy already fixed this and put out 2.85 (within minutes!!! :eek: )

Feel free to delete this or whatever, and thank you chirpy!!