IP deny not working

I am banning an IP batch (190.120.238) in my htaccess file but every morning, in my logwatch file, I see this from the IP I am banning (this is only a portion of the login attemps. He's going through the alphabet. Today it's D).

LOGIN FAILED, user=daddy, ip=[::ffff:190.120.238.253]: 3 Time(s)
LOGIN FAILED, user=dael, ip=[::ffff:190.120.238.253]: 3 Time(s)
LOGIN FAILED, user=dag, ip=[::ffff:190.120.238.253]: 3 Time(s)
LOGIN FAILED, user=dagny, ip=[::ffff:190.120.238.253]: 3 Time(s)

Shouldn't he not even be in the logwatch file? I'm thinking he shouldn't even get that far.

All failed access attempts are logged. The entire purpose of logwatch is to tell you things like failed access attempts.

You can change the logwatch configuration to not report on certain files.

.htaccess only blocks httpd requests. In which file is logwatch finding this error?

Jeff

Are you running this site on a VPS by any chance? There is at least one VPS system that doesn't recognize iptable rules (like you're actually creating) unless a configuration change is made by the provider.