The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

csf blocked IP for mod_security login failures

Discussion in 'Security' started by thewebhosting, Jul 8, 2008.

  1. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    Hi,

    I am using csf on the server and just installed the mod_security. But after installing it I have found many entries as follow:

    xx.xx.xx.xx # lfd: 5 (mod_security) login failures from xx.xx.xx.xx - Tue Jul 8 07:14:47 2008

    There were many IP addresses blocked as mentioned above. Can anyone tell me what exactly the above mean? and why the IP was blocked?

    Thanks,
     
  2. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    18
    lfd is short for login failure daemon and is inlcuded with csf. You may find more information about the logging for lfd at config server's web site: http://www.configserver.com/cp/csf.html

    It looks like it's blocking IP addresses after they have 5 failed login attempts.
     
Loading...

Share This Page