Brute force monitor with autoblock script issue

[messiaah]

I have installed autoblock script with brute force monitor and it shows ip gets blocked but normally it should block ips after ten false attempts.but bfm shows that server is getting hit so is it really blocking the ips and showing the attacks in the logs or is the attack happening and the script isnt able to block it. Please help

 

[messiaah]

hi can anybody please throw some light on the issue

 

[chatwizrd]

Well what block script are you using.

Read this guide:

http://help.directadmin.com/item.php?id=380

 

[messiaah]

i am using this very block script despite that it shows so many hits even after ip gets blocked

 

[Themis]

i am using this very block script despite that it shows so many hits even after ip gets blocked

Check these options (Admin level > Administrator Settings):
Reset count of IP/User failed attempts: XX hours after last attempt.
Clear failed login attempts from log: XX days after entry was made.

Also take a look here: http://forum.directadmin.com/showthread.php?t=45599&p=233421#post233421

 

[messiaah]

hi what i am trying to know is that even after the ip gets auto blocked the attack counts keep increasing.so is it that its just logging the event or the attack is still happening that's the reason its showing in bfm and its not able to block it

 

[zEitEr]

If an IP is blocked, then no new actions should be added into log files; if you see counter increasing and new lines with an IP, that would mean, that an IP is not properly blocked with your firewall.

You should check it with

iptables-save | grep 1.2.3.4

where replace 1.2.3.4 with a real IP.