Hi guys, I'm new here, but I've been using CSF for many years! Over 2024, there has been a surge in Internet attacks and I've recently discovered something with my CSF install that I think is weird and wanted your opinion and eventually maybe a suggestion to mitigate the issue:
In my config, I have:
LF_TRIGGER = 0
LF_APACHE_404 = 200
LF_APACHE_404_PERM = 3600 (1 hour)
LF_INTERVAL = 300 (5 minutes)
But then sometimes the server becomes slow and when I check the logs, I see a single IP address requesting over 10,000 files in less than 3 minutes. How is this possible? From my understanding, CSF should block that IP for 1 hour... right?