CSF and LFD with Brute Force Monitor

A

AMD_infinium05

New member
Joined
Nov 18, 2015
Messages
5
Hi guys,

I have few issues that I don't know if this works normally or not.

1. http://s13.postimg.org/jmwtct4p3/block1.png After installing CSF/LFD, my 'Info IP' page from brute force monitor doesn't work. Clicking it will take around 5 mins and directadmin returns "timed out"

2. LFD automatically block offending smtpAuth login failures, however, the IP's being blocked doesn't appear on the Blocked IPs section of BFM. Manually selecting the offending IP and click Block IP will result in an prompt that the IP is already blocked.

3. http://s13.postimg.org/jmwtct4p3/block1.png <-- please refer to this link, 46.29.252.105 is already blocked by LFD, but why does it says NO at the blocked column? refer to these images http://s10.postimg.org/i8mhurm15/block2.png
http://s17.postimg.org/ftf1n4fun/block3.png


These are weird for me. I hope you could give solutions and insights.
 
ConfigServer Firewall / Login Failure Daemong and Brute Force Monitor

Hi Guys!

I have few issues that seems to be weird for me. Ill list here, maybe you can give ideas/explanations/insights about these.

Related Screenshots for your reference:
http://s8.postimg.org/p9f4ush5h/block1.png
http://s8.postimg.org/4b8ywphat/block2.png
http://s8.postimg.org/6v4lqt4ut/block3.png

1. IP info in Brute Force Monitor page doesn't work anymore after installing CSF/LFD. Clicking it will result in 5 mins wait and directadmin will return this error -- > http://s17.postimg.org/pus7enydb/timed_out.png

2. look at block1.png, the first IP address 46.29.252.105 was blocked automatically by LFD, however why does in Blocked Column is says "NO" ? Also entering it manually then clicking block IPs will result in error that it is already blocked.

3. Some blocked IP's are not listed in block2.png, please compare block2.png and block3.ph
 
Are you using Custombuild 2.0?

1.) It works on my server but I do not have the "blocked" option in there, only the notify option. How did you get that blocked option in there? Probably that adjustment is conflicting with CSF.

2.) Status "blocked" is imho only set to yes if Directadmin's BMF makes the block. I can be mistaken, but again, it depens on how you got that "blocked" status in there. Which adjustment did you use?

3.) See explanation of 2. BFM blocks and CSF blocks are different. BFM blocks will not be visible in the CSF blocklist and vice versa.
 
Richard G said:
Are you using Custombuild 2.0?

1.) It works on my server but I do not have the "blocked" option in there, only the notify option. How did you get that blocked option in there? Probably that adjustment is conflicting with CSF.

2.) Status "blocked" is imho only set to yes if Directadmin's BMF makes the block. I can be mistaken, but again, it depens on how you got that "blocked" status in there. Which adjustment did you use?

3.) See explanation of 2. BFM blocks and CSF blocks are different. BFM blocks will not be visible in the CSF blocklist and vice versa.
Click to expand...

This is the thread to get the block IP button in BFM.

I have this version csf v8.08
 
BFM blocks and csf/lfd blocks are 2 different things.

You can configure BFM to USE csf for blocking but that's actually just another way to get an ip in de iptables block list (based on a DA trigger).
Say your csf/lfd is configured to block failed ftp logins after 10 tries and in DirectAdmin (Admin settings) you specify a notify after 20 failed logins. Then csf/lfd will block the offending ip with no regard of directadmin's settings That's why it might look like it's not blocked in the BFM, but it actually is.

DA uses al blocked_ips.txt list (if configured as found on this forum somewhere) with an ip and a timestamp (in case you automatically want to unblock ip's) and that is the list shown in the BFM.
 
Hello,

1. You should open 43 port both TCP, UDP in both IPv4 and IPv6 sections.

2/3. CSF/LFD when blocking IPs does not sync them to a list of blocked IPs managed by DA. You need a custom solution here to sync them or use CSF/BFM plugin in Directadmin.
 
You must log in or register to reply here.
Back
Top