lfd keeps blocking IP

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Post Reply
bofla
Junior Member
Posts: 2
Joined: 22 Jan 2008, 21:29

lfd keeps blocking IP

Post by bofla »

latest version v3.39

[root@liber www]# grep 24.166.55.38 /var/log/lfd.log|grep htpass
Tue Jul 29 20:16:20 2008 lfd: 5 (htpasswd) login failures from 24.166.55.38 - *Blocked in csf* port=80
Tue Jul 29 20:16:21 2008 lfd: 5 (htpasswd) login failures from 24.166.55.38 - *Blocked in csf* port=443
Tue Jul 29 21:08:07 2008 lfd: 5 (htpasswd) login failures from 24.166.55.38 - *Blocked in csf* port=80
Tue Jul 29 21:08:07 2008 lfd: 5 (htpasswd) login failures from 24.166.55.38 - *Blocked in csf* port=443
Tue Jul 29 21:10:24 2008 lfd: 5 (htpasswd) login failures from 24.166.55.38 - *Blocked in csf* port=80
Tue Jul 29 21:10:24 2008 lfd: 5 (htpasswd) login failures from 24.166.55.38 - *Blocked in csf* port=443
Tue Jul 29 21:16:01 2008 lfd: 5 (htpasswd) login failures from 24.166.55.38 - *Blocked in csf* port=80
Tue Jul 29 21:16:01 2008 lfd: 5 (htpasswd) login failures from 24.166.55.38 - *Blocked in csf* port=443
[root@liber www]# iptables -nL|grep 24.166.55.38
ACCEPT all -- 24.166.55.38 0.0.0.0/0
DROP tcp -- 24.166.55.38 0.0.0.0/0 tcp dpt:443
DROP tcp -- 24.166.55.38 0.0.0.0/0 tcp dpt:80
ACCEPT all -- 0.0.0.0/0 24.166.55.38
[root@liber www]#

IP is in csf.allow file but lfd doesn't see that and tries to block it again and again (my guess). Adding it to csf.ignore would help, but are two entries really necessary ?

How does lfd actually checks for failed password attempts ?
Top
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

http://www.configserver.com/techfaq/index.php?faqid=3
Top
Post Reply

Return to “Report Bugs (csf)”