I've been using CSF for many years and always had good luck using LFD and CC_Deny/Allow, etc. NOW, I migrated my Cpanel server to new hardware, and I can't seem to get the CC_Allow Filter ( I added US,CA only for now) to limit the countries it's allowing access to. I'm getting login attempts from all over the globe.
Secondly, for instance I had 223 SSH login fails since last night and I don't see any additional blocks, perm or temp added to the list. I'm under a significant brute force attack and it looks like LFD isn't monitoring or blocking.
I'll bet there's something I'm missing that's a simple fix, but I've been going through this for a couple days and just can't find it.
Running centos 7.6, cpanel v78.0.11, csf v12.09.
I have tried ip_set both on and off. tried every setting I can think of in the LF area, Should I post my csf.conf?
Thanks in advance for any help.
Cory
CC_ALLOW Filter and LFD seem not to work
Re: CC_ALLOW Filter and LFD seem not to work
I think I found it. Syslog_check was set to zero. Once I toggled it to 3 suddenly I'm getting emails showing the blocks and I stopped getting attempts from other countries.
Didn't think this setting would have this effect.
Thanks for all the help
Didn't think this setting would have this effect.
Thanks for all the help