Brute force monitor, blocked IPs still getting through?

bjorn

Hi,

Somehow a single blocked IP is getting through the Brute force monitor?

BFM example record:
----------------------
14400007210098 167.88.35.243 info@[client-domain].nl 1 exim2 2015-08-19 18:12:00 login authenticator failed for (ylmf-pc) [167.88.35.243]: 535 Incorrect authentication data (set_id=info@[client-domain].nl)
----------------------

In this post 'zEitEr' said to run:
Code:
iptables-save

Result is a long list with blocked IPs. Small portion of the list:
Code:
-A INPUT -s 103.41.124.109/32 -j DROP
-A INPUT -s 103.41.125.104/32 -j DROP
-A INPUT -s 103.41.125.15/32 -j DROP
-A INPUT -s 103.41.125.58/32 -j DROP
-A INPUT -s 103.41.125.64/32 -j DROP
-A INPUT -s 103.41.125.101/32 -j DROP
-A INPUT -s 103.41.125.62/32 -j DROP
-A INPUT -s 103.41.125.63/32 -j DROP
-A INPUT -s 103.41.125.42/32 -j DROP
-A INPUT -s 103.41.125.61/32 -j DROP
-A INPUT -s 103.41.125.56/32 -j DROP

The problem IP (167.88.35.243) is inside the blocked list??

IP: 167.88.35.243
Login failures: 32934
First: Aug 19 12:50
Last: Aug 19 18:29

Any help is much appreciated!

Regards,

Bjorn
 
Problem is fixed..

Not sure what was causing the problem, but clearing 'root/blocked_ips.txt' & 'service iptables restart' fixed the firewall problem...?

Lol.. I'm writing this and I receive an email from my hoster. Apparently there's a cap on the iptables list.
 
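A check suggested by this thread, as an added example that is not part of the original posts: when the number of rules is capped, an address can be recorded in the block list without a live DROP rule behind it. The sketch below counts INPUT rules in an `iptables-save` dump and lists block-list entries with no matching DROP rule. The function names, the block-list line format and the sample addresses are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumed block-list format: one entry per line, IPv4 address
# first, optionally followed by "=..." or whitespace-separated metadata.

# input_rule_count DUMP: number of rules in the INPUT chain of an
# iptables-save dump, for comparison with the limit the host enforces.
input_rule_count() {
    awk '$1 == "-A" && $2 == "INPUT" { n++ } END { print n + 0 }' "$1"
}

# not_loaded LIST DUMP: addresses named in LIST that have no DROP rule in
# the INPUT chain of DUMP, i.e. recorded as blocked but not filtered.
not_loaded() {
    awk '
    mode == "dump" {
        if ($1 != "-A" || $2 != "INPUT") next
        src = ""; drop = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-j" && $(i + 1) == "DROP") drop = 1
        }
        if (drop && src != "") { sub(/\/32$/, "", src); live[src] = 1 }
        next
    }
    {
        ip = $0; sub(/[= \t].*$/, "", ip)
        if (ip != "" && !(ip in live) && !(ip in seen)) { seen[ip] = 1; print ip }
    }' mode=dump "$2" mode=list "$1"
}

# Constructed sample data (documentation address ranges, not from the thread).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '192.0.2.10=dateblocked=1439990000' '198.51.100.7' \
        '203.0.113.99' > "$dir/blocked_ips.txt"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -s 192.0.2.10/32 -j DROP' \
        '-A INPUT -s 198.51.100.7/32 -j DROP' 'COMMIT' > "$dir/rules.dump"
    echo "INPUT rules: $(input_rule_count "$dir/rules.dump")"
    echo "listed but not loaded: $(not_loaded "$dir/blocked_ips.txt" "$dir/rules.dump")"
    rm -rf "$dir"
}
demo
```

On a live host, save the `iptables-save` output to a file and pass it together with the blocked_ips.txt file the thread mentions. A non-empty result means the block list and the loaded rules have diverged.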