Interesting APF & BFD failure...

rs-freddo

My server was getting brute forced, no problem they were going slow and easy - didn't raise load any. BUT I kept getting emails from BFD saying they were already banned??????????? Hours later!!!!!!!!!!!!!!

WTF!!!!!!!!!!!!!!!

Anyway the banned address was 87-114-60-69.serverpronto.com which doesn't actually resolve. However on checking the messages log I found the IP to be 69.60.114.87
so I
apf -d 69.60.114.87
and that seems to have solved the problem.

Anyway it's interesting that someone has come up with a way to fool APF & BFD into NOT banning them, so they can do brute forces till the cows come home...
Maybe it's time I upgraded my APF...

Anyway I thought this might be of interest to other server owners.
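The failure described in the post above (a ban recorded against a reverse-DNS name while the log shows the real IP) can be checked for mechanically. The following is an added example, not part of the original thread and not APF or BFD code: it counts failed logins per literal IP only and flags hostname-form entries in a ban list. The log format, the threshold, and all names and addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (not from the thread); addresses use documentation ranges.
SAMPLE_LOG = """\
May 13 03:10:01 host sshd[101]: Failed password for root from 192.0.2.15 port 4021 ssh2
May 13 03:10:09 host sshd[102]: Failed password for root from 192.0.2.15 port 4022 ssh2
May 13 03:10:17 host sshd[103]: Failed password for invalid user admin from 15-2-0-192.isp.example port 4023 ssh2
May 13 03:10:25 host sshd[104]: Failed password for root from 192.0.2.15 port 4024 ssh2
May 13 03:11:02 host sshd[105]: Failed password for bob from 198.51.100.7 port 5100 ssh2
"""

# Assumed sshd-style failure line; the captured group is the source token.
FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")


def classify(token):
    """Return ('ip', normalized) for an IP literal, else ('hostname', lowercased)."""
    try:
        return "ip", str(ipaddress.ip_address(token))
    except ValueError:
        return "hostname", token.lower()


def ban_candidates(log_text, threshold=3):
    """Count failures per literal IP; never promote a hostname token to a ban."""
    hits, rejected = Counter(), set()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        kind, value = classify(match.group(1))
        if kind == "ip":
            hits[value] += 1
        else:
            rejected.add(value)  # needs manual review against the logged IP
    bans = sorted(ip for ip, count in hits.items() if count >= threshold)
    return bans, sorted(rejected)


def audit_ban_list(entries):
    """Return ban-list entries that are not IP literals, i.e. bans that may not match traffic."""
    return [entry for entry in entries if classify(entry)[0] == "hostname"]


if __name__ == "__main__":
    print(ban_candidates(SAMPLE_LOG))
    print(audit_ban_list(["192.0.2.15", "15-2-0-192.isp.example"]))
```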
 

chirpy

There are certainly flaws in the way APF and BFD do things. I've become somewhat disillusioned by APF and BFD since using it for quite some time and fighting through some of the major bugs seen in recent releases. Thinking of trying out some of the other recommended firewall/brute-force combinations out there.