
csf lfd not blocking failed login triggers

Posted: 19 May 2008, 14:16
by wolf
Since the update to csf v3.30, csf does not block failed login attempts to any service. Here is an example of one of the 87 emails I found this morning.

Time: Mon May 19 03:09:16 2008
IP: user (Unknown)
Failures: 6 (pop3d)
Interval: 240 seconds
Blocked: Yes

Log entries:

May 19 03:09:08 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:09 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:10 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:13 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:15 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:15 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]


All blocking is, and always was, set to permanently block any failed login attempts, but it now seems to be broken since the last update.

WHM 11.15.0 cPanel 11.18.6-S24255
CENTOS Enterprise 4.6 i686 on standard - WHM X v3.1.0

Anyone else experiencing anything similar?

Posted: 19 May 2008, 15:23
by chirpy
regex.pm is picking up the wrong return string for pop3 and imap logins - should have a fix out for it soon.

Posted: 19 May 2008, 16:50
by wolf
Fixed in version 3.31
thanks :)
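
The alert in the first post lists `IP: user (Unknown)`, so the value handed to the blocker was not an address. As an added example (Python, not csf's own Perl `regex.pm` code and not part of the thread), this parser reads the posted pop3d lines with named fields and refuses any capture that is not a valid IP; the `limit` of 5 and the `year` argument are assumptions, while the 240-second interval comes from the alert.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post above.
SAMPLE = """\
May 19 03:09:08 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:09 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:10 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:13 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:15 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
May 19 03:09:15 server pop3d: LOGIN FAILED, user=user, ip=[::ffff:88.159.165.22]
""".splitlines()

# Named groups keep the user and ip fields apart. The ip field is anchored to
# the end of the line so text inside the user field cannot stand in for it.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<svc>pop3d|imapd): "
    r"LOGIN FAILED, user=(?P<user>.*), ip=\[(?P<ip>[^\]]+)\]$"
)

def parse_failure(line, year=2008):
    """Return (timestamp, service, ip), or None if no real IP was captured."""
    m = LINE.match(line)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None  # captured text is not an address: never block on it
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d -> a.b.c.d
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["svc"], str(addr)

def offenders(lines, limit=5, interval=240):
    """IPs with at least `limit` failures on one service within `interval` seconds."""
    seen = defaultdict(list)
    hits = set()
    for rec in filter(None, map(parse_failure, lines)):
        ts, svc, ip = rec
        window = [t for t in seen[(svc, ip)] if (ts - t).total_seconds() <= interval]
        window.append(ts)
        seen[(svc, ip)] = window
        if len(window) >= limit:
            hits.add(ip)
    return hits
```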