new attacks from banned IPs

[mbsmt]

Hi.
I have many blocked IPs in csf with "do not delete" comment. But every day I got notifications from server about new brute force attacks via some of these IPs.
What's the problem ?

[joo003464]

Apologies , I have face same Problem .. .. Please give me solution .. ..

[hostmart]

Have you checked cphulk if enabled
I think it runs before csf checks
and it has a setting to send email when blocking a ip

Cheers
Sean

[mbsmt]

Problem is not sending email hostmart, no IP baned automatically through csf. This is the problem

[hostmart]

It must be a csf setting
what is your permanent deny limit set to.

[mbsmt]

Hostmart, where can I check it exactly? Please tell me where, and I will say what it is.
Thank you for your attention to my problem

[hostmart]

Check the number of denied ips in csf frontend
then to see if it up to the limit
click firewall configuration
in the dropdown box at the top choose general settings
scroll down to DENY_IP_LIMIT , the default is 200
I don't use more than 500 if I can avoid it.

[mbsmt]

Currently I have 88 permanent banned IPs and DENY_IP_LIMIT is set to 200

[hostmart]

That is strange then
A firewall that doesn't block ips is just a log that will make you paranoid.
I know it a stupid question but
at the top of firewall configuration is TESTING set to 0
and did you restart csf after adding ips.
Other settings that could be the problem are in the Login Failure Blocking and Alerts section of firewall configuration.

[mbsmt]

TESTING is set to 0. And I think there is no need to restart csf after each ip blocking. However, I have done it sometimes.