Why isn't CC_ALLOW_FILTER blocking everything
Posted: 18 Jan 2024, 00:41
Under CC_ALLOW_FILTER, I have this:
US,MP,PR,CA,TH,GU
But I'm still seeing connections from other countries. For example, I just now received an alert from CSF:
I have 30 IPs that are permanently blocked in csf.deny that should have been blocked by CC_ALLOW_FILTER, but apparently weren't.
Shouldn't these have been blocked before they could even try?
US,MP,PR,CA,TH,GU
But I'm still seeing connections from other countries. For example, I just now received an alert from CSF:
Code: Select all
IP: 185.196.9.119 (CH/Switzerland/-)
Temporary Blocks: 5
Temporary blocks that triggered the permanent block:
Tue Jan 16 21:27:06 2024 (smtpauth) Failed SMTP AUTH login from 185.196.9.119 (CH/Switzerland/-): 1 in the last 3600 secs
Wed Jan 17 02:36:48 2024 (smtpauth) Failed SMTP AUTH login from 185.196.9.119 (CH/Switzerland/-): 1 in the last 3600 secs
Wed Jan 17 04:20:24 2024 (smtpauth) Failed SMTP AUTH login from 185.196.9.119 (CH/Switzerland/-): 1 in the last 3600 secs
Wed Jan 17 16:50:08 2024 (smtpauth) Failed SMTP AUTH login from 185.196.9.119 (CH/Switzerland/-): 1 in the last 3600 secs
Wed Jan 17 19:28:37 2024 (smtpauth) Failed SMTP AUTH login from 185.196.9.119 (CH/Switzerland/-): 1 in the last 3600 secsShouldn't these have been blocked before they could even try?