Brute force monitor issue

ViAdCk

Verified User
Joined
Feb 14, 2005
Messages
270
Hello,

On one of our servers we can't get the brute force monitor page to load because it has a too many entries. We have cleared all brute* files in /usr/local/directadmin/data/admin but there are still showing hundreds or thousands IPs in the Blocked IPs section.

Is this information cached somewhere? We haven't been able to find where this information is being stored.

Regards
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,395
Location
Maastricht
Are you using CSF in combination with the Brute Force of DA?
If yes, you might have a look in the /etc/csf/csf.deny file. There is also a temp deny. They can be cleared via commandline.
You might want to limit the ip's for full and temp deny in csf.conf to maybe 1000 both or less.
 

ViAdCk

Verified User
Joined
Feb 14, 2005
Messages
270
Yes, I use csf but this doesn't appear to be related to csf. csf is configured to have only 100 temp blocks.

In the blocked ips section some IPs are showing from 2018, none of these ips is blocked in csf anymore.

Somewhere this information is being cached and not being updated, causing these issues.
 
Top