I usually receive a minimum of 50 LFD blocked alerts a day, but yesterday I noticed a sudden decrease to only a handful. This seems like an anomaly, so I am a bit concerned. I haven’t made any changes to the Firewall configuration (except for PT_Usermem) and I’m not seeing any major changes in my server activity. In short, I don’t know if this is a problem or not. Just wondering if anyone has experienced this before and if I need to do more investigation. I checked the error logs and I’m not seeing any errors other than a CC error asking for a license key for MaxMind databases. I’m a newbie to CSF, I took over this server from my deceased husband last year. I’m still getting the usual alerts for WHM access, SSH access, Suspicious process/Excessive process..etc..,
Anyone know what’s happening?
Sudden decrease in LFD blocked alerts
Re: Sudden decrease in LFD blocked alerts
If you are not receiving alerts means that CSF has blocked the IPs that are trying to do bad things to your server, so, that is a good sign that CSF is doing its work and the attacks have ceased for a while.