csf blocked IP for mod_security login failures

**thewebhosting** · 07-08-2008 09:06 AM

Hi,

I am using csf on the server and just installed the mod_security. But after installing it I have found many entries as follow:

xx.xx.xx.xx # lfd: 5 (mod_security) login failures from xx.xx.xx.xx - Tue Jul 8 07:14:47 2008

There were many IP addresses blocked as mentioned above. Can anyone tell me what exactly the above mean? and why the IP was blocked?

Thanks,

**daveformerlyof** · 07-08-2008 02:11 PM

lfd is short for login failure daemon and is inlcuded with csf. You may find more information about the logging for lfd at config server's web site: http://www.configserver.com/cp/csf.html

It looks like it's blocking IP addresses after they have 5 failed login attempts.

LinkBack

Thread Tools

csf blocked IP for mod_security login failures

CSF : Getting blocked in first attempt !

CSF/LFD doesn't trap "older" cppop failures?

Attack from domain not blocked in cphulk or CSF

CSF and Mod_Security

CSF Firewall: *TCP_OUT Blocked