[CSF] csf.dyndns VS BFM

O

Ohm J

Verified User
Joined
Aug 16, 2019
Messages
1,576
Hi,

I have the problem BFM blocked my IP without notice for around 2-3 years while I have "csf.dyndns" config. Since I have allowed list, I still can access server without interrupt.
Anyone have same problem with me ?

For workaround, I just disabled block option in directadmin administrator setting, and let's CSF scan logs from "./directadmin/data/admin/brute_log_entries.list"

combined with csf extra scan options "/etc/csf/csf.logfiles" and "/etc/csf/regex.custom.pm".
 
Ohm J said:
I have the problem BFM blocked my IP without notice for around 2-3 years while I have "csf.dyndns" config.
Click to expand...
Those are 2 different things. CSF does have a csf.dyndns config while BFM is the brute force monitor from DA which does not have dynamic whitelist. Which most likely also causes the "without notice", because CSF can send block notices.

I have seen that happening before, but not often anymore as most people have a fairly static ip address.

Also there must be a reason why DA is blocking the ip, so some root cause. Normally (sometimes with some difficulty) this root cause must be found and then the issue should be gone.


For this reason, in the very beginning, I also whitelisted another server of mine, so when I got blocked, I'm still able to access the server via SSH from that other server so I can't block my self totally. Still using this method just to be sure, in spite of the fact that the ip is considered almost static.

You're workaround seems good to me, that is exactly where custom CSF logs are ment for.
 
Yeah, I just playing with modsecurity rules from time to time.

Since csf have problem detection on modsecurity, I leave BFM open for prevemt logs flooding.

Imagine you can access server while seeing your IP in "csf.deny", that's make me confuse. 😂

there have some people like me just whilelist their IP, due they might do some crazy thing on their server. so it could notice them when they come into this forum and create threads question like this.
 
Last edited:
Ohm J said:
Imagine you can access server while seeing your IP in "csf.deny", that's make me confuse. 😂
Click to expand...
Hahahaha yeah I haven't seen that for some time either, indeed confusing. :D

Playing with modsecurity can get you there indeed. I got in there the same way, playing around and testing, so I'm very glad to have a kind of static ip since then.
 
You must log in or register to reply here.
Back
Top