cPHulk not able to add to iptables
Posted: 30 Aug 2016, 11:22
Good morning,
Occasionally we receive a dozen or so notifications from cPHulk that it detected a brute force attack and tried to block the IP. These messages all typically occur within a minute or two, which doesn't make sense since we're set to apply a 15-minute temporary ban at first detection. Reviewing the cPHulk logs, I see that iptables is often unavailable when cPHulk tries to update it.
What would cause this and how would I prevent it?
Thanks,
Dean
cphulkd_errors.log:[2016-08-29 21:28:50 -0400] info [cphulkd] 49686 Error while attempt to block IP: 81.28.96.74: [iptables] /sbin/iptables --append cphulk --source 81.28.96.74 --match state --state NEW --match time --utc --datestop 2016-08-30T01:43:50 --jump DROP failed: iptables: Resource temporarily unavailable.
cphulkd_errors.log:[2016-08-29 23:00:03 -0400] info [cphulkd] 149715 Error while attempt to block IP: 81.28.96.74: [iptables] /sbin/iptables --append cphulk --source 81.28.96.74 --match state --state NEW --match time --utc --datestop 2016-08-30T03:15:03 --jump DROP failed: iptables: Resource temporarily unavailable.
cphulkd.log:[2016-08-29 21:28:50 -0400] info [cphulkd] 49686 Login Blocked: IP reached maximum auth failures [Service]=[smtp] [Local IP Address]=[1.2.3.4] [Remote IP Address]=[81.28.96.74] [Authentication Database]=[mail] [Username]=[info@[domain].com] (30/30 failures) (blocked until [Tue Aug 30 01:43:50 2016 UTC/Mon Aug 29 21:43:50 2016 LOCAL])