new attacks from banned IPs
Re: new attacks from banned IPs
You may have to wait for someone with more knowledge than me to answer.
In the meantime, if this is a major worry,
my suggestion is to use cphulk as well as csf and
whitelist your IP address in cphulk,
then tighten the cphulk settings.
I have had large botnet attacks and the combination of cphulk and csf has saved my ass.
Re: new attacks from banned IPs
Where can I find the cphulk settings? I could not find them on the firewall configuration page.
Re: new attacks from banned IPs
It's not part of the firewall; look in the cPanel security menu, 3rd section from the top.
The cphulk default settings are OK most of the time, but when an attack starts filling the
firewall too quickly, the settings below work for me, but you must whitelist your IP.
IP Based Brute Force Protection Period in minutes: 30
Brute Force Protection Period in minutes: 10
Maximum Failures By Account: 14
Maximum Failures Per IP: 4
Maximum Failures Per IP before IP is blocked for two week period: 10
Re: new attacks from banned IPs
I'm using DirectAdmin. When csf is installed on the server, all security responsibilities move from DA to csf.
Re: new attacks from banned IPs
Unfortunately I have no experience with DA;
you may have to open a support ticket.
Re: new attacks from banned IPs
Thank you, Hostmart, for your kind answers and attention.
Re: new attacks from banned IPs
DA has Brute Force Monitor
http://directadmin.com/features.php?id=1227
With csf
http://forum.directadmin.com/showthread.php?t=44839
Re: new attacks from banned IPs
@ mbsmt,
please post the line in csf.deny with the "no delete" and please post some of the logs for the IPs that were not blocked after you wrote the rule in csf.
Re: new attacks from banned IPs
@ Sergio:
line with no delete comment:
202.142.165.14 # do not delete - lfd: (smtpauth) Failed SMTP AUTH login from 202.142.165.14 (PK/Pakistan/202-142-165-14.multi.net.pk): 5 in the last 3600 secs - Sun Feb 16 07:53:31 2014
As for what you asked me about those IPs, I need a new attack with such a problem to report it to you.
Re: new attacks from banned IPs
Now, please do a search in CSF to see if the IP is listed there and show the IPTABLE rules where the IP is.
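The check requested in the last post, written as an added example that is not part of the thread or of csf itself: it parses csf.deny entries, including the "do not delete" marker, and reports any that have no matching DROP/REJECT source rule in saved `iptables -S` output. The second deny entry, the iptables rules and all function names are constructed for illustration, and the comparison assumes csf writes one iptables rule per denied IP (not an ipset, as with `LF_IPSET`).

```python
import ipaddress
import re

# Constructed sample: line 2 is the entry quoted in the thread, line 3 is made up.
CSF_DENY = """\
# csf.deny (sample)
202.142.165.14 # do not delete - lfd: (smtpauth) Failed SMTP AUTH login from 202.142.165.14 (PK/Pakistan/202-142-165-14.multi.net.pk): 5 in the last 3600 secs - Sun Feb 16 07:53:31 2014
198.51.100.7 # lfd: (sshd) Failed SSH login from 198.51.100.7: 5 in the last 3600 secs - Sun Feb 16 08:10:02 2014
"""

# Constructed `iptables -S` output in which only one of the two IPs is loaded.
IPTABLES_S = """\
-N DENYIN
-A DENYIN -s 198.51.100.7/32 ! -i lo -j DROP
"""

ENTRY = re.compile(r"^(?P<net>[0-9a-fA-F:.]+(?:/\d+)?)\s*(?:#\s*(?P<comment>.*))?$")

def parse_deny(text):
    """Return plain IP/CIDR entries; comments, Include lines and port filters are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        try:
            net = ipaddress.ip_network(m["net"], strict=False)
        except ValueError:
            continue
        comment = m["comment"] or ""
        entries.append({"net": net, "keep": "do not delete" in comment.lower()})
    return entries

def dropped_sources(rules):
    """Collect source networks that a rule sends to DROP or REJECT."""
    nets = set()
    for line in rules.splitlines():
        tok = line.split()
        if "-s" not in tok or "-j" not in tok:
            continue
        s, j = tok.index("-s"), tok.index("-j")
        if tok[j + 1] in ("DROP", "REJECT") and (s == 0 or tok[s - 1] != "!"):
            nets.add(ipaddress.ip_network(tok[s + 1], strict=False))
    return nets

def unenforced(deny_text, rules_text):
    """Deny entries not covered by any active DROP/REJECT source rule."""
    active = dropped_sources(rules_text)
    return [e for e in parse_deny(deny_text)
            if not any(e["net"].version == a.version and e["net"].subnet_of(a) for a in active)]
```

On a live server, feed it the contents of csf.deny and the output of `iptables -S`; any entry it returns is listed as denied but not actually filtered.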