LFD-triggered temporary block failed to be removed

Root
Junior Member
Posts: 8
Joined: 07 Jan 2007, 10:04
Location: Houston, Texas, U.S.A.

Post by Root »

Hello,

With v3.43 of CSF I have been seeing that an IP address may not always be removed from iptables/csf after the temporary time span has elapsed. The IP address is blocked for triggering LFD from failed logins; here is a more descriptive log report from LFD:
(I've replaced the last octet with an X.)
# grep -i 72.226.154.X /var/log/lfd.log
Tue Sep 2 21:42:18 2008 lfd: Failed cPanel login from 72.226.154.X - 1 failure(s) in the last 80 secs
Tue Sep 2 21:42:46 2008 lfd: Failed cPanel login from 72.226.154.X - 2 failure(s) in the last 120 secs
Thu Sep 4 11:00:10 2008 lfd: Failed cPanel login from 72.226.154.X - 1 failure(s) in the last 55 secs
Thu Sep 4 11:00:25 2008 lfd: Failed cPanel login from 72.226.154.X - 2 failure(s) in the last 60 secs
Thu Sep 4 11:00:25 2008 lfd: Failed cPanel login from 72.226.154.X - 3 failure(s) in the last 60 secs
Thu Sep 4 11:00:25 2008 lfd: Failed cPanel login from 72.226.154.X - 4 failure(s) in the last 60 secs
Thu Sep 4 11:00:25 2008 lfd: Failed cPanel login from 72.226.154.X - 5 failure(s) in the last 60 secs
Thu Sep 4 11:00:25 2008 lfd: 5 (cpanel) login failures from 72.226.154.X - *Blocked in csf* for 1200 secs
Thu Sep 4 11:00:25 2008 lfd: alert email sent for 72.226.154.X
Thu Sep 4 11:20:26 2008 lfd: 72.226.154.X temporary block removed

It was 2:40 p.m. (14:40 hours) when I found the IP via the search function in CSF's GUI as it was still blocked in iptables.

Please let me know if you need more than the provided csf.conf entries, or a copy of them all; I've attached what I believe are the most relevant (LF_).
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

Did this happen to occur just after upgrading to v3.43? If so, then there was a change in the cPanel port blocks that could have caused this. If not, then I'd also need the iptables output including the chain for the leftover rule to investigate any further.
Root
Junior Member
Posts: 8
Joined: 07 Jan 2007, 10:04
Location: Houston, Texas, U.S.A.

Re: LFD-triggered temporary block failed to be removed

Post by Root »

chirpy wrote: Did this happen to occur just after upgrading to v3.43? If so, then there was a change in the cPanel port blocks that could have caused this. If not, then I'd also need the iptables output including the chain for the leftover rule to investigate any further.
Hello,

This was a fresh install of v3.43, though I thought about grabbing a copy of the current rules only after I had just removed the block; I will be sure to obtain a copy of the iptables output if or when this occurs again.

Thank you for the timely response. :)
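An added example, not part of the original thread and not csf/lfd code: one way to catch the condition reported above is to cross-check the "temporary block removed" lines in lfd.log against a rule listing in `iptables -S` format and report any rule, with its chain, that still names an IP lfd says it unblocked. The log lines, the rules, the documentation-range IPs and the chain name EXAMPLECHAIN are constructed sample data.

```python
import re
from datetime import datetime

# Constructed sample data: documentation-range IPs, hypothetical chain name.
LFD_LOG = """\
Thu Sep  4 11:00:25 2008 lfd: 5 (cpanel) login failures from 203.0.113.7 - *Blocked in csf* for 1200 secs
Thu Sep  4 11:20:26 2008 lfd: 203.0.113.7 temporary block removed
Thu Sep  4 11:30:00 2008 lfd: 5 (cpanel) login failures from 203.0.113.9 - *Blocked in csf* for 1200 secs
""".splitlines()

IPTABLES_S = """\
-P INPUT DROP
-A EXAMPLECHAIN -s 203.0.113.7/32 -i eth0 -j DROP
-A EXAMPLECHAIN -s 203.0.113.9/32 -i eth0 -j DROP
""".splitlines()

TS = r"(?P<ts>\w{3}\s+\w{3}\s+\d+\s+[\d:]{8}\s+\d{4})"
BLOCKED = re.compile(TS + r" lfd: .* from (?P<ip>\S+) - \*Blocked in csf\* for \d+ secs")
REMOVED = re.compile(TS + r" lfd: (?P<ip>\S+) temporary block removed")

def removed_blocks(log_lines):
    """Map IP -> time lfd logged the removal, for IPs whose latest event is a removal."""
    state = {}
    for line in log_lines:
        for kind, rx in (("blocked", BLOCKED), ("removed", REMOVED)):
            m = rx.match(line)
            if m:
                when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
                state[m["ip"]] = (kind, when)  # later events overwrite earlier ones
    return {ip: when for ip, (kind, when) in state.items() if kind == "removed"}

def leftover_rules(log_lines, rule_lines):
    """Return (ip, chain, rule) for rules still naming an IP lfd says it unblocked."""
    removed = removed_blocks(log_lines)
    hits = []
    for rule in rule_lines:
        tok = rule.split()
        if len(tok) < 2 or tok[0] != "-A":
            continue  # skip policy (-P) and chain-creation (-N) lines
        # Collect source/destination addresses, dropping a /32 style mask.
        addrs = {tok[i + 1].split("/")[0] for i, t in enumerate(tok[:-1]) if t in ("-s", "-d")}
        hits += [(ip, tok[1], rule) for ip in sorted(addrs & removed.keys())]
    return hits

if __name__ == "__main__":
    for ip, chain, rule in leftover_rules(LFD_LOG, IPTABLES_S):
        print(f"{ip}: lfd logged removal, rule still in chain {chain}: {rule}")
```

The 203.0.113.9 rule is not reported because its latest log event is a block, not a removal; saving the matching rule lines before unblocking by hand preserves the chain information the moderator asked for.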