DirectAdmin CSF Automatically Blocks My IP

Sakamoto Ryōma

Hello

For about a week, one of my servers has been blocking my IP address after I use the DirectAdmin panel for about a couple of minutes.

I thought it was related to our dynamic IP internet connection, but I also tried with my mobile phone's internet, which should be pretty much isolated. It also got blocked.

I thought about malware on my computer (macOS) and tried Avast, but nothing was found.

DirectAdmin is the latest version and CSF is enabled.
 
Maybe you have, for example, Outlook trying to log in to an email account with the wrong credentials?
But check /etc/csf/csf.deny and find your IP with the reason.
 
Also check your /var/log/lfd.log just to be sure.

It can also be DirectAdmin activating the CSF block, so also check the DirectAdmin BFM logs, which can normally also be done via the GUI.
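
The checks suggested in the reply above, as an added example that is not part of the original thread: it pulls the stored reason for an IP from csf.deny and counts lfd block events per trigger tag in lfd.log. The function names are hypothetical, the line formats are assumed from typical CSF installs, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): summarise why lfd/CSF blocked an IP.
# Line formats are assumed from typical CSF installs; sample data is constructed.

# Print the reason comment stored next to an IP in csf.deny.
deny_reason() {   # usage: deny_reason IP [FILE]
    awk -v ip="$1" '$1 == ip { sub(/^[^#]*#[ ]*/, ""); print }' \
        "${2:-/etc/csf/csf.deny}"
}

# Count lfd block events for an IP per trigger tag, most frequent first.
block_triggers() {   # usage: block_triggers IP [FILE]
    awk -v ip="$1" '
        # " ip " with surrounding spaces keeps 203.0.113.7 from matching 203.0.113.70
        index($0, " " ip " ") && /Blocked in csf/ {
            if (match($0, /\[[A-Z][A-Z0-9_]+\]/))
                n[substr($0, RSTART + 1, RLENGTH - 2)]++
        }
        END { for (t in n) print n[t], t }' "${2:-/var/log/lfd.log}" | sort -rn
}

# Write constructed sample files into directory $1 (documentation IP ranges).
make_samples() {
    cat > "$1/csf.deny" <<'EOF'
203.0.113.7 # lfd: (sshd) Failed SSH login from 203.0.113.7 (US/United States/-): 5 in the last 3600 secs - Mon Jun  3 12:02:44 2024
EOF
    cat > "$1/lfd.log" <<'EOF'
Jun  3 10:15:02 srv lfd[2101]: (mod_security) mod_security (id:949110) triggered by 203.0.113.7 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* for 1200 secs [LF_MODSEC]
Jun  3 11:40:19 srv lfd[2101]: (mod_security) mod_security (id:949110) triggered by 203.0.113.7 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* for 1200 secs [LF_MODSEC]
Jun  3 12:02:44 srv lfd[2101]: (sshd) Failed SSH login from 203.0.113.7 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Jun  3 12:05:00 srv lfd[2101]: (sshd) Failed SSH login from 203.0.113.70 (US/United States/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
EOF
}

# Demo on the constructed samples; on a server, call the functions with only the IP.
d=$(mktemp -d) && make_samples "$d"
deny_reason 203.0.113.7 "$d/csf.deny"
block_triggers 203.0.113.7 "$d/lfd.log"
rm -rf "$d"
```

A trigger tag that dominates the count (here LF_MODSEC) points at which csf.conf setting or which client behaviour to look at first.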
 
I used DirectAdmin for a long time but I mostly used third-party email services like Google and Yandex. So I don't have that much experience on the email side.
 
Dear

The same thing happens to me, but with two servers. I have two VPSs with DirectAdmin, both fairly recently configured, and when I am in the panel for about 20 minutes it blocks my IP. It happens to me in both panels, and it has driven me crazy.
I do not want to disable CSF,
but reviewing the logs I found a ModSecurity rule that integrates with CSF. It is the time in which a modsec rule is activated; that is, it can be activated 5 times in 1 hour, and if that happens, the IP is blocked. So I reduced it to 20 minutes; if it is not activated 5 times in that time, it starts from zero. So far this is my solution in CSF:
LF_MODSEC = "7"
LF_MODSEC_PERM = "1200" # OR INCREASE TO "10" IF THERE ARE TOO MANY FALSE POSITIVES.