ConfigServer Community Forum

Posted: **10 Feb 2013, 18:32**

Hello,

I have searched the forum, Google and everything I can think of trying to find the answer to my problem so I am hoping you can help.

We updated our CSF to the latest version about 3 days ago. On our server, we host a browser based game that in some cases require users to F5 (refresh) many times. When the user does this about 7 times, it stops that IP from being able to connect to the server, so users will get an error saying the page cannot be displayed. I think the firewall could be mistaking this as an attack. What can I change in the configuration file to stop this from occurring?

Thank you!

Posted: **10 Feb 2013, 22:58**

You need to post the lfd logfile then, which will shoe you why someone has been blocked if csf/lfd is responsible - how else is someone going to be able to help, and what on earth have you googled for without even knowing the problem?
I suspect CONNLIMIT or PORTFLOOD, but this is of course impossible to say without knowing the problem.

Posted: **10 Feb 2013, 23:09**

Here is the last 300 in a pastebin.

http:// pastebin. com/R5Yax8qs

Posted: **10 Feb 2013, 23:12**

Also it appears in the config file that PORTFLOOD and the other thing is set to blank, so more and likely they are not running.

Posted: **12 Feb 2013, 01:07**

Code: Select all

Feb 10 03:58:00 mafiahitter lfd[11652]: *Port Scan* detected from 74.200.95.42 (US/United States) 11 hits in the last 125 seconds - *Blocked in csf* for 3600 secs [PS_LIMIT]

It's Port Scan

ConfigServer Community Forum

Firewall Temp Bans IP After Many Refreshes

Firewall Temp Bans IP After Many Refreshes

Re: Firewall Temp Bans IP After Many Refreshes

Re: Firewall Temp Bans IP After Many Refreshes

Re: Firewall Temp Bans IP After Many Refreshes

Re: Firewall Temp Bans IP After Many Refreshes