CSF + LFD and bruteforce monitor

soulshepard

CSF + LFD and bruteforce monitor vs APF+BFM(r-fx)

Dear all,

As we try to implement CSF + LFD, we notice that it also does the same as what the brute-force monitor of DirectAdmin does. (For the detection; I know CSF is also an iptables firewall, but I am not talking about that, only the LFD part.)

So when using CSF + LFD, is the brute-force monitor not needed?
Or do they complement each other in more areas?

As both solutions parse the logs, notify and block...

Thanks

Soul.
 
Hi, keep it simple and stick to one system to minimize headaches. In this case, if you have CSF running, stick with it as it offers a lot more features than BFM.
 
I would use the BFM of DA too, because CSF/LFD misses a lot of BF attempts to the mailserver, which the BFM detects.
 
OK, thank you for your reply.

I did notice the amount of BFM alerts. I also tried to combine it with iptables blocks, but as I read, combining it with CSF+LFD would not be that difficult,
as long as you let CSF be the firewall. One disadvantage I see in CSF is that it only supports one interface!

While APF does (http://www.rfxn.com/projects/), but no nice DA interface. The thing is, would you really need a DA interface for the firewall?
And they also have a BFM (brute-force monitor). Does anyone have experience with these?

Thanks
 
If I can give my opinion, I'm using CSF+LFD+BFM and it is going pretty fine with the script you can find on this forum: every time BFM notices an attempt and sends a notification, the script will call CSF to ban the IP.

I think, that is working pretty good.

Regards
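
One way such a glue script could look, as an added example (this is not the script from the forum). It assumes the brute-force monitor exports the offending address in an environment variable named `ip`; `CSF_BIN`, `ALLOW_FILE` and the function names are illustrative, and only IPv4 is handled. It validates the address before passing it to `csf -d` and refuses to ban an allowlisted address.

```sh
#!/bin/sh
# Added example, not the forum script. Assumptions: the notifier exports the
# offending address as $ip; CSF_BIN and ALLOW_FILE are overridable for testing.
CSF_BIN="${CSF_BIN:-/usr/sbin/csf}"
ALLOW_FILE="${ALLOW_FILE:-/etc/csf/csf.allow}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed when the address is the first field of a line in the allow file
# (plain one-address-per-line entries only; comments after # are ignored).
is_allowed() {
    [ -r "$ALLOW_FILE" ] || return 1
    awk -v ip="$1" '{ sub(/#.*/, "") } $1 == ip { found = 1 }
                    END { exit !found }' "$ALLOW_FILE"
}

# Return 0 after asking CSF to deny the address, 2 for malformed input,
# 3 when the address is allowlisted and must not be banned.
ban_ip() {
    valid_ipv4 "$1" || { echo "rejected: not an IPv4 address" >&2; return 2; }
    if is_allowed "$1"; then
        echo "skipped: $1 is allowlisted" >&2
        return 3
    fi
    "$CSF_BIN" -d "$1" "brute-force monitor hook"
}

# Act as a hook only when the notifier actually supplied an address.
if [ -n "${ip:-}" ]; then
    ban_ip "$ip"
fi
```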
 
Indeed, we have run it for a while now too and it looks good. I do miss some CSF features, like bogus networks on separate interfaces and entering an interface definition in csf.allow. Now in the config you have default ports and you can add specials in csf.allow, but all is based on source/dest addresses and they count for all interfaces, and I have multiple interfaces on a few boxes, also internal networks. ;( But furthermore this is a powerful combination.
 
I have found that CSF does not play nicely with OpenVZ virtualization ....

I have some servers using XEN, and there seems to be no problem ...

Does anybody have a workaround for using CSF with OpenVZ?

thanx!
Tim
 