Hi,
I have a problem: LFD (Login Failure Detection), part of the CSF Firewall plugin, doesn't block any unwanted activity.
My config (almost all default):
Code:
LF_DEAMON = 1
LF_TRIGGER = 0
LF_TRIGGER_PERM = 1
LF_SELECT = 0
LF_EMAIL_ALERT = 1
LF_SSHD = 5
LF_SSHD_PERM = 1
LF_FTPD = 10
LF_FTPD_PERM = 1
Brute Force Monitor very often sends emails about failed logins (hundreds of tries), but LFD doesn't block them. I also tried to log in to ssh myself with a wrong password. I wasn't blocked and my IP wasn't whitelisted.
I have two servers and the situation is the same on both. I don't have any idea why this is happening.
Csf.pignore:
Code:
exe:/usr/sbin/named
exe:/usr/sbin/exim
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/libexec/hald-addon-acpi
exe:/usr/sbin/hald
exe:/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/imap-login
exe:/usr/libexec/dovecot/anvil
exe:/usr/local/directadmin/directadmin
exe:/usr/local/directadmin/dataskq
exe:/usr/sbin/httpd
user:mysql
user:postgres
user:myusername
user:dovecot
cmd:/usr/sbin/dovecot
cmd:/sbin/portmap