csf version 4.80 : IPs not blocked
Posted: 20 Oct 2009, 13:10
I'm seeing the same behaviour on all servers running csf 4.80 :
An IPs triggers csf, it gets added to /etc/csf.deny, but it is not blocked :
[14:01:51] root@hetz81 [~]# grep 67.218.xxx.xxx /etc/csf/csf.deny
TCP:IN:D=80:S=67.218.xxx.xxx # lfd: 5 (mod_security) login failures from 67.218.xxx.xxx in the last 300 secs - Tue Oct 20 04:37:45 2009
TCP:IN:D=443:S=67.218.xxx.xxx # lfd: 5 (mod_security) login failures from 67.218.xxx.xxx in the last 300 secs - Tue Oct 20 04:37:45 2009
[14:04:07] root@hetz81 [~]# csf -g 67.218.xxx.xxx
Chain num pkts bytes target prot opt in out source destination
No matches found for 67.218.xxx.xxx in iptables
Looks like a case sensitive issue ? TCP:IN:D should be tcp:in:d, right ?
An IPs triggers csf, it gets added to /etc/csf.deny, but it is not blocked :
[14:01:51] root@hetz81 [~]# grep 67.218.xxx.xxx /etc/csf/csf.deny
TCP:IN:D=80:S=67.218.xxx.xxx # lfd: 5 (mod_security) login failures from 67.218.xxx.xxx in the last 300 secs - Tue Oct 20 04:37:45 2009
TCP:IN:D=443:S=67.218.xxx.xxx # lfd: 5 (mod_security) login failures from 67.218.xxx.xxx in the last 300 secs - Tue Oct 20 04:37:45 2009
[14:04:07] root@hetz81 [~]# csf -g 67.218.xxx.xxx
Chain num pkts bytes target prot opt in out source destination
No matches found for 67.218.xxx.xxx in iptables
Looks like a case sensitive issue ? TCP:IN:D should be tcp:in:d, right ?