tons of mails with same IP blocked

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Gizzmo
Junior Member
Posts: 4
Joined: 07 Nov 2008, 05:46

Post by Gizzmo »

Hello,

I get a lot of mails (more than 200 this time) with the same IP blocked, like:

Time: Fri Nov 7 06:43:55 2008 +0100
IP: XXX.XXX.xXX.XXX
Failures: 5 (sshd)
Interval: 300 seconds
Blocked: Yes

The IP is already blocked in csf. But it won't stop sending mails.

Any suggestion?

Regards Frank
prabudh
Junior Member
Posts: 33
Joined: 10 Dec 2006, 13:05
Location: India

Post by prabudh »

Are you running ssh on the default port (22, not recommended)?

With so many failures I would certainly change the SSH port to a new one.
Gizzmo
Junior Member
Posts: 4
Joined: 07 Nov 2008, 05:46

Post by Gizzmo »

Hello prabudh,

Yes, the port is 22. I need this for Account Transfers.
But why are so many mails sent if the IP is already blocked?
I think, if an IP is blocked, it could not / must not be blocked 100 times more?

Regards Frank
TDE
Junior Member
Posts: 2
Joined: 07 Nov 2008, 10:02

Post by TDE »

Gizzmo .... I also have the same thing occurring. I believe that the system is notifying us every time the IP in question is attempting to access our servers and that the attempt was blocked. I have found that by entering the IP into the cPanel IP Deny Manager, the e-mails stop. Please, anyone else .... correct me if my assumptions are incorrect .... I am really very, very new to servers and am just trying to learn myself. :)
Gizzmo
Junior Member
Posts: 4
Joined: 07 Nov 2008, 05:46

Post by Gizzmo »

Hi,

Now I have stopped it by reinstalling csf. It looks like a problem with upgrading one of the last csf versions to a newer one. After I uninstalled csf and reinstalled it, there are no more multiple mails with the same IP.

Regards Frank
prabudh
Junior Member
Posts: 33
Joined: 10 Dec 2006, 13:05
Location: India

Post by prabudh »

Gizzmo, even if it's stopped you shouldn't be using port 22;
cPanel account transfers work fine even if you have SSH running on a non-standard port.

TDE, you should DENY any offending IP from Root WHM --> CSF --> Deny IP

Blocking them from cPanel will only block them on your domain, not on SSH and other services.

Also try the Check Server Security button on CSF; it will help you guys lock more doors for hackers.
Gizzmo
Junior Member
Posts: 4
Joined: 07 Nov 2008, 05:46

Post by Gizzmo »

Hello prabudh,

But if I set ssh to another port, I will get the following error:

Connecting to Remote Server Failed: Unable to connect to XXX.XXX.XXX.XXX: port: Bad file descriptor

Regards Frank

OK... Found my mistake. I have to open the new port in and out on both servers ;-)
TDE
Junior Member
Posts: 2
Joined: 07 Nov 2008, 10:02

Post by TDE »

Thank you prabudh ... done and it's working! :D