CC_ALLOW Filter and LFD seem not to work

2 posts Page 1 of 1
coryback
Junior Member
Posts: 2
Joined: 22 Feb 2019, 15:22


I've been using CSF for many years and always had good luck using LFD and CC_Deny/Allow, etc. NOW, I migrated my Cpanel server to new hardware, and I can't seem to get the CC_Allow Filter ( I added US,CA only for now) to limit the countries it's allowing access to. I'm getting login attempts from all over the globe.
Secondly, for instance I had 223 SSH login fails since last night and I don't see any additional blocks, perm or temp added to the list. I'm under a significant brute force attack and it looks like LFD isn't monitoring or blocking.
I'll bet there's something I'm missing that's a simple fix, but I've been going through this for a couple days and just can't find it.
Running centos 7.6, cpanel v78.0.11, csf v12.09.
I have tried ip_set both on and off. tried every setting I can think of in the LF area, Should I post my csf.conf?

Thanks in advance for any help.

Cory
coryback
Junior Member
Posts: 2
Joined: 22 Feb 2019, 15:22


I think I found it. Syslog_check was set to zero. Once I toggled it to 3 suddenly I'm getting emails showing the blocks and I stopped getting attempts from other countries.
Didn't think this setting would have this effect.

Thanks for all the help
2 posts Page 1 of 1