LOGDROPOUT Chain not Logging
Posted: 24 Nov 2013, 06:17
Recently started using CSF/LFD on a new server (physical) and so far it has been a real gem. Using the latest version 6.37 in a WHM/cPanel environment. Got hit today by a number of sshd login attempts, nothing unusual, but when they eventually went away I noticed that one of the blocked IPs keeps hitting the DENYOUT chain. As per:
Code:
# csf --grep 190.91.71.77
Chain num pkts bytes target prot opt in out source destination
DENYIN 27 0 0 DROP all -- !lo * 190.91.71.77 0.0.0.0/0
DENYOUT 27 5 620 LOGDROPOUT all -- * !lo 0.0.0.0/0 190.91.71.77
ip6tables:
Chain num pkts bytes target prot opt in out source destination
No matches found for 190.91.71.77 in ip6tables
csf.deny: 190.91.71.77 # lfd: 190.91.71.77 (CL/Chile/client-190-91-71-77 . imovil . entelpcs . cl), 3 distributed sshd attacks on account [root] in the last 3600 secs - Sun Nov 24 14:46:22 2013
This has been steadily incrementing for over an hour, 1 packet every two minutes. I ran csf -w 190.91.71.77 after putting CSF into watch mode but no other chains reported any hits at all. The other thing is that even though DENYOUT is supposed to log, nothing is showing up in the log.
Anyone seen anything like this before? I'm probably just not understanding what is going on, a push in the right direction would be appreciated.