System protection

[jim.thornton]

I've installed CSF. It seems to be working well. I get LFD emails quite often showing the following:

Time:     Tue Mar 24 05:22:23 2015 -0400
IP:       79.106.109.191 (AL/Albania/-)
Failures: 5 (smtpauth)
Interval: 3600 seconds
Blocked:  Permanent Block

Log entries:

2015-03-24 05:09:06 login authenticator failed for (USER) [79.106.109.191]: 535 Incorrect authentication data (set_id=test)
2015-03-24 05:12:14 login authenticator failed for (USER) [79.106.109.191]: 535 Incorrect authentication data (set_id=test)
2015-03-24 05:16:58 login authenticator failed for (USER) [79.106.109.191]: 535 Incorrect authentication data (set_id=test)
2015-03-24 05:20:06 login authenticator failed for (USER) [79.106.109.191]: 535 Incorrect authentication data (set_id=test)
2015-03-24 05:22:18 login authenticator failed for (USER) [79.106.109.191]: 535 Incorrect authentication data (set_id=test)

CSF / LFD seems to work for smtpauth and pop3d. I've received 56 email alerts from LFD since February 23rd. All but 5 were for smtpauth and the other 5 were for pop3d.

I don't seem to be getting emails for any other services though. I know for example DA detected on the 23rd of March 36 login attempts from one IP address to pure-ftp. I have it setup to run a script to manually block the IP. But, I would like to get CSF configured so that it is working on it's own and DA is a backup.

Why would some services be working with CSF and not others?

Also... I know that this is not CSF support forums, but on the CSF forums I never get a response, and I figure enough people here use it that someone might be able to help.