OK... I'm not a history expert with CSF/LFD, but the statement next to the POP3 login failure, specifically:
# [*]Enable login failure detection of courier pop3 connections. This will not
# trap the older cppop daemon
LF_POP3D = 5
LF_POP3D_PERM = 600
Has confused me... The only POP3 daemon that is supported (that I can see) via the standard WHM interface is cppop, and I am running the latest update of the Release tree.
I am getting loads of lame attempts at logging into pop3 which are being ignored, or so it seems, by LFD. The above settings should be temp banning this IP after the 5th failure...
My other relevant settings are:
LF_TRIGGER = 10
LF_TRIGGER_PERM = 600
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=budd, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=button, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=bridgette, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=bryce, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=bryson, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=brian, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=brooklyn, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=candy, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=byron, ip=[::ffff:81.149.149.117]
May 8 05:19:13 blade8 pop3d: LOGIN FAILED, user=brooklyn, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=brianna, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=buy, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=bruce, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=calvin, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=bruce, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=brent, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=byron, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=button, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=career, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: Maximum connection limit reached for ::ffff:81.149.149.117
May 8 05:19:14 blade8 pop3d: LOGIN FAILED, user=caesar, ip=[::ffff:81.149.149.117]
May 8 05:19:14 blade8 pop3d: Maximum connection limit reached for ::ffff:81.149.149.117
May 8 05:29:19 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:29:19 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:29:19 blade8 pop3d: LOGIN FAILED, user=christian, ip=[::ffff:81.149.149.117]
May 8 05:29:19 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
May 8 05:29:19 blade8 pop3d: LOGIN FAILED, user=claire, ip=[::ffff:81.149.149.117]
May 8 05:29:19 blade8 pop3d: Connection, ip=[::ffff:81.149.149.117]
and so on...
Even the old APF/BFD combo used to pick up issues like this... is there a way around this?
Steve
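An independent way to check which sources a 5-failure threshold would flag in pop3d log lines of the format quoted above, with the IPv4-mapped IPv6 form (::ffff:a.b.c.d) collapsed to plain IPv4. This is an added example, not part of the original post and not LFD's own code; the 300-second window, the default year (syslog timestamps carry none), the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the same format as the post (documentation addresses).
SAMPLE = """\
May 8 05:19:13 host pop3d: Connection, ip=[::ffff:192.0.2.10]
May 8 05:19:13 host pop3d: LOGIN FAILED, user=a, ip=[::ffff:192.0.2.10]
May 8 05:19:13 host pop3d: LOGIN FAILED, user=b, ip=[::ffff:192.0.2.10]
May 8 05:19:14 host pop3d: LOGIN FAILED, user=c, ip=[::ffff:192.0.2.10]
May 8 05:19:14 host pop3d: LOGIN FAILED, user=d, ip=[::ffff:198.51.100.7]
May 8 05:19:14 host pop3d: LOGIN FAILED, user=e, ip=[::ffff:192.0.2.10]
May 8 05:19:15 host pop3d: LOGIN FAILED, user=f, ip=[::ffff:192.0.2.10]
May 8 05:29:19 host pop3d: LOGIN FAILED, user=g, ip=[::ffff:198.51.100.7]
""".splitlines()

# Matches only the pop3d failure lines; "Connection" lines do not match.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pop3d: LOGIN FAILED, "
    r"user=(?P<user>[^,]*), ip=\[(?P<ip>[^\]]+)\]"
)

def normalize_ip(raw):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    addr = ipaddress.ip_address(raw)
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped) if mapped else str(addr)

def find_offenders(lines, threshold=5, window_seconds=300, year=2000):
    """Return {ip: time of the failure that first reached the threshold}."""
    recent = defaultdict(deque)   # ip -> failure times inside the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:
            ip = normalize_ip(m.group("ip"))
        except ValueError:        # malformed address field, skip the line
            continue
        when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > timedelta(seconds=window_seconds):
            q.popleft()           # drop failures older than the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = when
    return flagged
```

Calling find_offenders on the lines of the real mail log and comparing the result with the addresses the firewall has actually blocked shows whether the failures are being matched at all.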