cPHulk / csf /lfd sending multiple warnings

imacurious

Member
Mar 9, 2005
12
0
151
Using WHM 11.30.6 (build 6) on CENTOS 5.8 i686

Am using cPHulk and csf to help secure this system.
See image for my cPHulk settings.

When I get attacked, the attacking IP address correctly gets added to the IP deny file after the 5th invalid login attempt, and I receive a warning e-mail notifying me of the attempted break-in.

The body of the warning e-mail looks like this:

Time: Mon Mar 26 21:42:29 2012 -0400
IP: 119.161.162.185 (CN/China/-)
Failures: 5 (sshd)
Interval: 300 seconds
Blocked: Permanent Block

Log entries:
Mar 26 21:42:12 vps sshd[30212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.161.162.185 user=root
Mar 26 21:42:13 vps sshd[30226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.161.162.185 user=root
Mar 26 21:42:14 vps sshd[30212]: Failed password for root from 119.161.162.185 port 38809 ssh2
Mar 26 21:42:15 vps sshd[30226]: Failed password for root from 119.161.162.185 port 51947 ssh2
Mar 26 21:42:17 vps sshd[30337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.161.162.185 user=root


But all too often I will continue to receive warning e-mails for the same IP address.
Yesterday I got 189 warning e-mails in a row - over a 34 minute span - for the same IP address continuing to attack me. Each warning e-mail references 5 different attacks, so in aggregate I was warned about nearly 1000 separate attempts to login as root. See the attached jpg as an example.

Is there any way to ensure that once the offending IP address is added to the IP deny file, that I receive only one warning e-mail, and not multiple warning messages?
 

Attachments

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Are these emails from lfd? I ask as the image provided appears to be a list of lfd alert messages.