Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

csf blocked IP for mod_security login failures

Discussion in 'Security' started by thewebhosting, Jul 8, 2008.

  1. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    68
    Hi,

    I am using csf on the server and just installed the mod_security. But after installing it I have found many entries as follow:

    xx.xx.xx.xx # lfd: 5 (mod_security) login failures from xx.xx.xx.xx - Tue Jul 8 07:14:47 2008

    There were many IP addresses blocked as mentioned above. Can anyone tell me what exactly the above mean? and why the IP was blocked?

    Thanks,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    689
    Likes Received:
    1
    Trophy Points:
    318
    lfd is short for login failure daemon and is inlcuded with csf. You may find more information about the logging for lfd at config server's web site: http://www.configserver.com/cp/csf.html

    It looks like it's blocking IP addresses after they have 5 failed login attempts.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice