Richard G
Verified User
Customer of mine got a temp block in CSF. I discovered becasuse she could not send mail anymore. So I unblocked the temp ip and problem was over.
Now she had some roundcube false logins (11), which were from march!! So she should not be blocked by BMF for this. I have a custom script present for that (an older way to use BFM with CSF).
I checked serveral logs, especially /var/log/lfd.log but the ip was not in there, so CSF did not block her for some triggers.
Only possibility is that DA blocked her due to Bruteforcing. However, she was not bruteforcing.
So I looked into DA and found this:
So it says, last attempt June 11 at 01:39 hours. Which is impossible, because this customer is my sister and she goes to sleep around 22.30 and never leaves things on.
Also when checking all log files, there is nothing to be found with this ip on June 11th. Even the last entry on the same page as this, states 17 march as last entry.
So now my questions:
a.) Why did my sister get a temp block today
b.) Why does it say last attemt June 11th at night time, when nothing is to be found anywhere and my sister is sleeping at those times
c.) Why is this block not logged anywhere?
This is my custom block_ip.sh script:
Which is called by by brute_force_notice_ip.sh:
So this gets a notify from DA's brute force manager. But why is DA sending BFM notices about BF's from march?
Now she had some roundcube false logins (11), which were from march!! So she should not be blocked by BMF for this. I have a custom script present for that (an older way to use BFM with CSF).
I checked serveral logs, especially /var/log/lfd.log but the ip was not in there, so CSF did not block her for some triggers.
Only possibility is that DA blocked her due to Bruteforcing. However, she was not bruteforcing.
So I looked into DA and found this:
| 84.xx.xx.xx | 17 | Jun 11 01:39 | Jun 11 01:39 | Yes | No | IP Info | |
So it says, last attempt June 11 at 01:39 hours. Which is impossible, because this customer is my sister and she goes to sleep around 22.30 and never leaves things on.
Also when checking all log files, there is nothing to be found with this ip on June 11th. Even the last entry on the same page as this, states 17 march as last entry.
So now my questions:
a.) Why did my sister get a temp block today
b.) Why does it say last attemt June 11th at night time, when nothing is to be found anywhere and my sister is sleeping at those times
c.) Why is this block not logged anywhere?
This is my custom block_ip.sh script:
Code:
#!/bin/sh
/etc/csf/csf.pl -td $ip 172800 BFM IP Block
exit 0;Which is called by by brute_force_notice_ip.sh:
Code:
#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;So this gets a notify from DA's brute force manager. But why is DA sending BFM notices about BF's from march?