ConfigServer Security & Firewall - csf v3.41
WHM 11.23.2 cPanel 11.23.4-R26138
CENTOS Enterprise 5 x86_64 on standard - WHM X v3.1.0
lfd is blocking after 1 login failure!
An example - per the email alert I got is
Time: Sun Aug 17 00:28:13 2008 -0400
IP: xxxxx - removed
Failures: 1 (pop3d)
Interval: 5 seconds
Blocked: Yes
Log entries:
Aug 17 00:28:09 s6 pop3d: LOGIN FAILED, user=xxx@xxx
ip=xxxxxx
My configuration for pop3 is certainly not 1 failure -
# [*]Enable login failure detection of courier pop3 connections. This will not
# trap the older cppop daemon
LF_POP3D = "10"
LF_POP3D_PERM = "86400"
My config should allow for 10 failures then block any further attempts for a day.
I have also noted exactly the same thing with ssh logins - 1 failure, then blocked, when SSH is set to 5 login attempts.
This worked just fine with V 3.39, but since updating to 3.41 this is the behaviour I am experiencing. Is there some other setting that I have missed that is causing this?