Blocked distributed ftpd attack emails and LFD going down

joaosavioli

Well-Known Member
Feb 7, 2008
64
11
58
Hi,

I'm having problem with a lot of "blocked distributed ftpd attack". When it happen, sometimes I receive an alert from cpanel that lfd is down, like this "FAILED: lfd".

Is there anything that I can do to fix it?
The "DENY_IP_LIMIT" is 200 and "DENY_TEMP_IP_LIMIT" is 100. Do you recommend upgrade both to 1000?

Bt the way, has cpanel any tool to hand it?

Thank you very much.

Best!
Joao
 
Last edited by a moderator:

joaosavioli

Well-Known Member
Feb 7, 2008
64
11
58
update:
When an attack is happening, I can see these lot of csf proccess running:
23134 root 20 0 176004 30372 2460 D 12.3 0.1 0:00.37 csf
23135 root 20 0 175856 30288 2456 S 12.0 0.1 0:00.36 csf
23231 root 20 0 175944 30276 2456 S 12.0 0.1 0:00.36 csf
23240 root 20 0 175888 30252 2460 S 11.6 0.1 0:00.35 csf
23328 root 20 0 175788 30276 2460 S 11.6 0.1 0:00.35 csf
23181 root 20 0 175880 30272 2460 S 10.6 0.1 0:00.32 csf
23081 root 20 0 175944 30260 2456 S 8.6 0.1 0:00.42 csf
23082 root 20 0 175860 30316 2460 S 6.6 0.1 0:00.35 csf

Cheers,
Joao
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston

joaosavioli

Well-Known Member
Feb 7, 2008
64
11
58
Hi!

I tried a lot of things to fix it, but every time that brute force happen with a lot of ips (more than 2000 different ips), LFD has been failed.

I think it was happening because brute force protection needs to add a lot of ips in block list at the same time.

I've fixed this problem turning off CSF brute force for FTP, IMAP and POP3, and use cphulk for this function.

Cheers
Joao
 
  • Like
Reactions: cPanelLauren