The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BFD brute force detection problem

Discussion in 'General Discussion' started by Kasper.S, Sep 4, 2004.

  1. Kasper.S

    Kasper.S Member

    Joined:
    Feb 19, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Finland
    Hello,

    I installed bfd and it was working ok but now (i think it was after cpanel update) i got emails below, There is 127.0.0.1 in /usr/local/bfd/ignore.hosts. Seems that 127.0.0.1 is remote connection. What to do?

    ---------------------------------------------------------------------------------------------------
    The remote system 127.0.0.1 was found to have exceeded acceptable login failures on shaman.domain.com. As such the attacking host has been banned from further accessing this system; for the integrity of your host you should investigate this event as soon as possible.

    The following are event logs for exceeded login failures from 127.0.0.1 (all time stamps are GMT +0200):
    ----
    - Executed actions:
    127.0.0.1 was found inside a defined exclude file, or host has already been banned.

    - Log events from /var/log/messages:

    ----

    - Thank you;
    root@domain.com
    -------------------------------------------------------------------------------------------------

    - Regards, Kasper.S
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Have you changed the file /usr/local/bfd/ignore.hosts which should contain 127.0.0.1?
     
  3. Kasper.S

    Kasper.S Member

    Joined:
    Feb 19, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Finland
    haven't changed it but it is there
     
Loading...

Share This Page