ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Deferred Login Blocking

https://mail.forum.configserver.com/viewtopic.php?t=6241

Page 1 of 1

Deferred Login Blocking

Posted: 14 Feb 2013, 18:49
by sparek
Should LFD be blocking DEFERRED LOGIN attempts in /usr/local/cpanel/logs/login_log?

We recently had a situation where a large number of these entries were being logged and it was raising the server load on the server. However, LFD wasn't blocking them, and looking through the code, I don't guess it is suppose to.

Is this something was overlooked in LFD's development or is it not suppose to block them? Or is there a reason not to block them.

The log entries appear as:

Code: Select all

xx.xx.xx.xx - user@domain.com [02/14/2013:11:12:43 -0000] "GET /cpsess7962685239/3rdparty/roundcube/?_task=mail&_action=check-recent&_mbox=INBOX HTTP/1.1" DEFERRED LOGIN webmaild: security token incorrect

Re: Deferred Login Blocking

Posted: 20 Mar 2013, 16:05
by sparek
Anyway to disable this?

Apparently this causes issues with people who don't believe in logging out of webmail and then just let their computer hibernate or suspend. I honestly don't know what they are doing, but it appears to be affecting some users. Anybody else seeing similar issues?

There's just no pleasing everybody.

Re: Deferred Login Blocking

Posted: 20 Mar 2013, 17:12
by ForumAdmin
For now you will need to modify /etc/csf/regex.pm from:

Code: Select all

#cPanel/WHM
        if (($config{LF_CPANEL}) and ($lgfile eq $config{CPANEL_LOG}) and ($line =~ /^(\S+) - (\S+)? \[\S+ \S+\] \"[^\"]*\" (FAILED|DEFERRED) LOGIN/)) {
to:

Code: Select all

#cPanel/WHM
        if (($config{LF_CPANEL}) and ($lgfile eq $config{CPANEL_LOG}) and ($line =~ /^(\S+) - (\S+)? \[\S+ \S+\] \"[^\"]*\" FAILED LOGIN/)) {
We'll look at making this change permanent for the next release due to the risk of false-positives.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited