New csf v2.84 - not adding blocked IP's to deny list?
Posted: 13 Jul 2007, 18:28
I just downloaded / installed New csf v2.84 (released just this morning) and I've noticed something very odd.
Instead of actually putting the ip address of a brute forcer in the Deny list (like it normally would), LFD just keeps sending me alerts s every 4 minutes saying it's denying the user, but it never adds their IP to the Deny list and I have to go in and do it manually to stop them.
For example, here are just a few of the many emails I've received during the past hour since I upgrade to 2.84 - notice the time stamps and it's the same IP address over and over:
To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:04:05 -0500
Time: Fri Jul 13 11:04:05 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 80 seconds
Blocked: Yes
Log entries:
Jul 13 11:03:12 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:14 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:16 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:18 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:47 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:48 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:04:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:04:05 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:08:08 -0500
Time: Fri Jul 13 11:08:08 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 100 seconds
Blocked: Yes
Log entries:
Jul 13 11:06:54 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:32 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:47 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:51 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:53 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:57 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:08:01 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:08:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:11:13 -0500
Time: Fri Jul 13 11:11:13 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 35 seconds
Blocked: Yes
Log entries:
Jul 13 11:10:38 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:40 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:44 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:46 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:52 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:56 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:11:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:11:10 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
I received at least 10 more until I went in and did a Quick Deny for 210.112.222.xx and then it stopped.
Could this be a bug? Or did something change in the new CSF that I need to adjust?
Anyone else experiencing this?
Thanks!
Instead of actually putting the ip address of a brute forcer in the Deny list (like it normally would), LFD just keeps sending me alerts s every 4 minutes saying it's denying the user, but it never adds their IP to the Deny list and I have to go in and do it manually to stop them.
For example, here are just a few of the many emails I've received during the past hour since I upgrade to 2.84 - notice the time stamps and it's the same IP address over and over:
To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:04:05 -0500
Time: Fri Jul 13 11:04:05 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 80 seconds
Blocked: Yes
Log entries:
Jul 13 11:03:12 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:14 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:16 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:18 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:47 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:03:48 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:04:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:04:05 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:08:08 -0500
Time: Fri Jul 13 11:08:08 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 100 seconds
Blocked: Yes
Log entries:
Jul 13 11:06:54 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:32 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:47 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:51 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:53 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:07:57 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:08:01 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:08:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
To: root@(server hostname).(mycompany).net
Subject: lfd: blocked 210.112.122.xx (Unknown)
From: <root@(server hostname).(mycompany).net>
Date: Fri, 13 Jul 2007 11:11:13 -0500
Time: Fri Jul 13 11:11:13 2007
IP: 210.112.122.xx (Unknown)
Failures: 8 (ftpd)
Interval: 35 seconds
Blocked: Yes
Log entries:
Jul 13 11:10:38 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:40 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:44 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:46 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:52 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:10:56 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:11:04 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
Jul 13 11:11:10 (server hostname) pure-ftpd: (?@210.112.122.xx) [WARNING] Authentication failed for user [Administrator]
I received at least 10 more until I went in and did a Quick Deny for 210.112.222.xx and then it stopped.
Could this be a bug? Or did something change in the new CSF that I need to adjust?
Anyone else experiencing this?
Thanks!
)