
CIDR block denied still triggers temp IP blocking emails

Posted: 20 Jul 2008, 17:25
by wolf
I have noticed that when a CIDR address (e.g. 67.210.3.1/24) is blocked in the csf deny list, continued hammering by IPs within that subnet still triggers the csf temp ban emails. (E.g. 67.210.3.66 and 67.210.3.69 will trigger temp bans if hammering even after the subnet is denied.)

This could give an attacker a way to flush out the temp ban list even if the "flushing" subnet has been permanently banned.
using centos enterprise 4.x
apache 2.x
cpanel 11.x

Posted: 22 Jul 2008, 10:47
by chirpy
What setting do you have for DROP_IP_LOGGING? It should be set to 0.

Posted: 22 Jul 2008, 15:24
by wolf
oh ok I see now lol.
I had DROP_IP_LOGGING set to 1 just so we could see if one of our clients' custom apps might require a specific port. I guess we will just put up with the numerous emails for now :)
thanks chirpy