
csf.deny doesn't accept any more lines

Posted: 28 Oct 2012, 16:22
by ElYepez
Hi Sirs,

I have used this product for more than 3 years and this has never happened. Since yesterday, after my CSF upgraded from version 5.65 to 5.66, my csf.deny file doesn't accept any more lines, and lots of messages like these show up in my lfd log:
Oct 28 06:44:07 moche lfd[12889]: *Error*: csf output: deny failed: tcp|in|d=22|s=37.55.225.145 is in already in the deny file /etc/csf/csf.deny 68 times
Oct 28 06:44:07 moche lfd[12889]: (sshd) Failed SSH login from 37.55.225.145 (UA/Ukraine): 4 in the last 3600 secs - *Blocked in csf* port=22 [LF_SSHD]
Oct 28 06:44:12 moche lfd[12921]: *Error*: csf output: deny failed: tcp|in|d=22|s=37.55.225.145 is in already in the deny file /etc/csf/csf.deny 68 times
Oct 28 06:44:12 moche lfd[12921]: (sshd) Failed SSH login from 37.55.225.145 (UA/Ukraine): 4 in the last 3600 secs - *Blocked in csf* port=22 [LF_SSHD]
...... more than 36 messages like this ........

Oct 28 08:02:46 moche lfd[18267]: (sshd) Failed SSH login from 64.31.20.117 (US/United States/): 4 in the last 3600 secs - *Blocked in csf* port=22 [LF_SSHD]
Oct 28 08:02:51 moche lfd[18329]: *Error*: csf output: deny failed: tcp|in|d=22|s=64.31.20.117 is in already in the deny file /etc/csf/csf.deny 68 times
Oct 28 08:02:53 moche lfd[18329]: (sshd) Failed SSH login from 64.31.20.117 (US/United States/): 4 in the last 3600 secs - *Blocked in csf* port=22 [LF_SSHD]
...... more than 81 messages like this ........
I've restarted CSF twice and erased all of the older csf.deny entries, but it doesn't work; it's like the csf.deny file doesn't roll in new entries and discard the older ones. I've kept it configured to keep the last 120 SSH login failures (port 22) and it works fine after CSF upgraded.

I appreciate all of your suggestions.

regards

FER

Re: csf.deny doesn't accept any more lines

Posted: 28 Oct 2012, 16:54
by ForumAdmin
Have you set LF_REPEATBLOCK to something other than 0? If so what did you set it to and what is DENY_IP_LIMIT set to?

Re: csf.deny doesn't accept any more lines

Posted: 28 Oct 2012, 17:01
by ForumAdmin
We've found an issue in the code and will look to fixing this shortly.

Re: csf.deny doesn't accept any more lines

Posted: 28 Oct 2012, 17:19
by ElYepez
ForumAdmin wrote: Have you set LF_REPEATBLOCK to something other than 0? If so what did you set it to and what is DENY_IP_LIMIT set to?

Hi Sir,

Thank you for your assistance. OK, here are my values:
LF_REPEATBLOCK = [ 0 ] --- I've never touched this option
DENY_IP_LIMIT = [ 110 ] --- I have 10 lines in "do not delete" mode and the other 100 scroll by time
FER

Re: csf.deny doesn't accept any more lines

Posted: 28 Oct 2012, 17:27
by ElYepez
ForumAdmin wrote: We've found an issue in the code and will look to fixing this shortly.

Hi Sirs!

Thank you for working on this issue. For now I have changed the LF_SSHD_PERM option from the value [ 1 ] (blocked permanently) to [ 21600 ] (blocked temporarily) to avoid the excessive messages rejecting SSH attacks.

regards,

FER

Re: csf.deny doesn't accept any more lines

Posted: 28 Oct 2012, 17:38
by ForumAdmin
This should hopefully be fixed in v5.67 which we have just released:
http://blog.configserver.com/index.php?itemid=682
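
A triage sketch for the log pattern shown in this thread, added here as an example and not code from ConfigServer or from the posters: it counts, per source IP, how often lfd logged a block and how often csf reported "deny failed" for that address. The function names are hypothetical; the sample lines are taken from the first post, except the last one, which is constructed.

```python
import re
from collections import defaultdict

# Sample lfd.log lines: the first five are copied from the first post,
# the last one is constructed (documentation address) for contrast.
SAMPLE_LOG = """\
Oct 28 06:44:07 moche lfd[12889]: *Error*: csf output: deny failed: tcp|in|d=22|s=37.55.225.145 is in already in the deny file /etc/csf/csf.deny 68 times
Oct 28 06:44:07 moche lfd[12889]: (sshd) Failed SSH login from 37.55.225.145 (UA/Ukraine): 4 in the last 3600 secs - *Blocked in csf* port=22 [LF_SSHD]
Oct 28 06:44:12 moche lfd[12921]: *Error*: csf output: deny failed: tcp|in|d=22|s=37.55.225.145 is in already in the deny file /etc/csf/csf.deny 68 times
Oct 28 08:02:46 moche lfd[18267]: (sshd) Failed SSH login from 64.31.20.117 (US/United States/): 4 in the last 3600 secs - *Blocked in csf* port=22 [LF_SSHD]
Oct 28 08:02:51 moche lfd[18329]: *Error*: csf output: deny failed: tcp|in|d=22|s=64.31.20.117 is in already in the deny file /etc/csf/csf.deny 68 times
Oct 28 09:10:00 moche lfd[20001]: (sshd) Failed SSH login from 203.0.113.7 (ZZ/Example): 4 in the last 3600 secs - *Blocked in csf* port=22 [LF_SSHD]
"""

# Syslog prefix as it appears in the post: timestamp, host, lfd[pid]
PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ lfd\[\d+\]: "
DENY_FAILED = re.compile(PREFIX + r"\*Error\*: csf output: deny failed: \S*?s=(?P<ip>[0-9a-fA-F.:]+) ")
BLOCKED = re.compile(PREFIX + r"\(\w+\) .* from (?P<ip>[0-9a-fA-F.:]+) .*\*Blocked in csf\*.*\[(?P<trigger>\w+)\]")

def summarize(log_text):
    """Per-IP counts of 'deny failed' errors and block events, with first/last timestamps."""
    stats = defaultdict(lambda: {"deny_failed": 0, "blocked": 0,
                                 "triggers": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        for kind, rx in (("deny_failed", DENY_FAILED), ("blocked", BLOCKED)):
            m = rx.search(line)
            if not m:
                continue
            s = stats[m["ip"]]
            s[kind] += 1
            s["first"] = s["first"] or m["ts"]
            s["last"] = m["ts"]
            if kind == "blocked":
                s["triggers"].add(m["trigger"])  # e.g. LF_SSHD
    return dict(stats)

def blocked_with_deny_error(stats):
    """IPs that lfd logged as blocked and for which csf also logged 'deny failed'."""
    return sorted(ip for ip, s in stats.items() if s["deny_failed"] and s["blocked"])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in blocked_with_deny_error(stats):
        s = stats[ip]
        print(f"{ip}: {s['deny_failed']} deny-failed, {s['blocked']} block events, "
              f"{s['first']} .. {s['last']} {sorted(s['triggers'])}")
```

Pointing `summarize` at the contents of the real lfd log gives a quick count of how many addresses are hitting the error before and after an upgrade.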