APF and BFD issues...

Discussion in 'General Discussion' started by olivier222333, Feb 27, 2005.

  1. olivier222333

    olivier222333 Well-Known Member
    PartnerNOC

    Joined:
    Jul 12, 2004
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    :) :D
    hi all
    I have installed APF and BFD following the steps here:

    http://www.dedicated-resources.com/guide/29/Install-APF-(Advanced-Policy-Firewall).html

    I am doing a tail -f /var/log/apf_log and a tail -f /var/log/bfd_log
    but nothing blocked..
    I have attempted to login with ssh from another 20 times with a wrong root password, but I am not blocked...
    I tested to make some nmap too , not blocked anymore...

    I have put the config that dedicated-resources.com told me.
    any ideas?

    : ps aux|grep bfd
    root 23210 0.0 0.0 3644 568 pts/0 S 09:35 0:00 grep bfd

    ps aux|grep apf
    root 23262 0.0 0.0 3656 572 pts/0 S 09:35 0:00 grep apf

    normal?

    can you test? 67.19.99.130
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You're probably better off asking on the rfxn forums and posting your conf.<app> files there, since it's nothing to do with cPanel. Sounds like you haven't configured APF correctly (you did switch off DEV mode, didn't you?)
     
  3. olivier222333

    DEVM="0"

    yes it's OK now:

    Feb 27 11:30:10 ns1 BFD(2176): {sshd} 81.181.106.124 exceeded maximum login failures; host already banned or ignored.
    Feb 27 11:30:10 ns1 BFD(2176): {sshd} ruser exceeded maximum login failures; host already banned or ignored.
    Feb 27 11:30:10 ns1 BFD(2176): {sshd} 81.181.106.124 exceeded maximum login failures; host already banned or ignored.


    but
    how can I change the maximum login to 10?
    what is by default the maximum login ssh? or ftp?

    thanks
     
  4. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    699
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney / Australia
    default for ssh is 3 and apache is 6 and all the rest is 10 you should be able to find this in

    cd /usr/local/bfd/rules
    and an ls will show you apache proftpd rh_imap rh_pop3 sshd rules in that directory ;)
     
    #4 gorilla, Feb 27, 2005
    Last edited: Feb 27, 2005
  5. olivier222333

    I don't understand one thing...
    what do you mean by apache login?
    I understood for ssh login of course;...but there...
     
  6. gorilla

    go and have a look at all the individual files and it'll explain it itself !

    The apache rule is
     
  7. olivier222333

    ok I know
    but I don't understand
    can you explain for apache??
    TRIG="6" (I don't see what it represents...)
    a user can't display 6 pages at the same moment?
     
    #7 olivier222333, Feb 27, 2005
    Last edited: Feb 27, 2005
  8. JP-HOST

    JP-HOST Well-Known Member

    Joined:
    Sep 23, 2004
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Roscoe, IL, USA
    If you use .htaccess password protection for a directory, BFD will detect invalid passwords or usernames and ban after 6 attempts.
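
An added example, not part of the thread or of APF/BFD itself: a small shell check for the two settings discussed above, DEVM in APF's conf file and TRIG in each BFD rule file. The conf path /etc/apf/conf.apf and the function names are assumptions; /usr/local/bfd/rules is the directory named in post #4.

```shell
#!/bin/sh
# Added example: report the APF/BFD settings this thread turns on.
# Assumptions: conf path /etc/apf/conf.apf; function names are hypothetical.

# Print the last value assigned as KEY="value" in FILE (empty if not set).
# Commented-out assignments (# KEY=...) are ignored.
conf_value() {
    sed -n 's/^[[:space:]]*'"$1"'="\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$2" 2>/dev/null |
        tail -n 1
}

# Succeed (exit 0) only when APF is still in development mode (DEVM="1").
apf_dev_mode() {
    [ "$(conf_value DEVM "$1")" = "1" ]
}

# Print "rule<TAB>TRIG" for every rule file in DIR.
# A rule file with no TRIG line is reported as "unset".
bfd_trig_report() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        t=$(conf_value TRIG "$f")
        printf '%s\t%s\n' "$(basename "$f")" "${t:-unset}"
    done
}

# Stand-alone use: sh check.sh audit [conf.apf] [rules dir]
if [ "${1:-}" = "audit" ]; then
    conf=${2:-/etc/apf/conf.apf}
    rules=${3:-/usr/local/bfd/rules}
    if apf_dev_mode "$conf"; then
        echo "APF: DEVM=1 (development mode is still on)"
    else
        echo "APF: DEVM=$(conf_value DEVM "$conf")"
    fi
    bfd_trig_report "$rules"
fi
```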
     
  9. olivier222333

    ok super I understood :)
    thanks
     
  11. olivier222333

    last point:


    I have read in this forum this config file for cPanel but I don't understand why he opened ports : 35000_35999?
    thanks


    IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
     