I cannot reproduce this on any other servers, but am not sure where to go with this. LFD is detecting brute forces fine and logs that it is blocking the IP:
Oct 28 17:06:44 dalgarno lfd[1702]: (sshd) Failed SSH login from 112.95.75.195 (CN/China/-): 5 in the last 300 secs - *Blocked in csf* [LF_SSHD]
However, the IP does not end up in IPTABLES nor does an entry get written to /etc/csf/csf.deny
I have updated and even reisntalled CSF but the behavior continues.
What is interesting though is that running csf -d 1.2.3.4 works as expected, blockign the IP and putting the appropriate entry in the deny file.
49.89.143.182 # Manually denied: 49.89.143.182 (CN/China/-) - Fri Oct 28 15:58:57 2022
Any idea what could be causing this? Its
CentOS Linux release 7.9.2009
cPanel version 106.0.9
Imunify360 6.7.2-2
Nothing too unusual about the set up