Interesting APF & BFD failure...

Discussion in 'General Discussion' started by rs-freddo, Dec 23, 2005.

  1. rs-freddo

    My server was getting brute forced, no problem they were going slow and easy - didn't raise load any. BUT I kept getting emails from BFD saying they were already banned??????????? Hours later!!!!!!!!!!!!!!

    WTF!!!!!!!!!!!!!!!

    Anyway the banned address was 87-114-60-69.serverpronto.com which doesn't actually resolve. However on checking the messages log I found the IP to be 69.60.114.87
    so I
    apf -d 69.60.114.87
    and that seems to have solved the problem.

    Anyway it's interesting that someone has come up with a way to fool APF & BFD into NOT banning them, so they can do brute forces till the cows come home...
    Maybe it's time I upgraded my APF...

    Anyway I thought this might be of interest to other server owners.
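
The failure described in the post above, where the ban was recorded against a reverse-DNS name rather than the address, can be guarded against by passing only IP literals to the firewall. This is an added example, not part of the original post and not BFD's or APF's code; the log line formats, the `is_ip` and `ban_candidates` names, the threshold and the `example.net` host are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines (assumed sshd/PAM syslog formats); the hostname and
# IP in the first four lines are the two values quoted in the post.
SAMPLE_LOG = """\
Dec 23 03:10:01 srv sshd[2101]: Failed password for root from 69.60.114.87 port 40112 ssh2
Dec 23 03:10:01 srv sshd[2101]: pam_unix(sshd:auth): authentication failure; rhost=87-114-60-69.serverpronto.com user=root
Dec 23 03:12:40 srv sshd[2177]: pam_unix(sshd:auth): authentication failure; rhost=87-114-60-69.serverpronto.com user=admin
Dec 23 03:12:41 srv sshd[2177]: Failed password for admin from 69.60.114.87 port 40398 ssh2
Dec 23 03:15:02 srv sshd[2240]: pam_unix(sshd:auth): authentication failure; rhost=no-ip-logged.example.net user=test
"""

# Capture the sshd PID and the source token; the greedy ".*" before "from"
# takes the last "from" on the line, so a crafted username cannot supply it.
LINE = re.compile(
    r"sshd\[(\d+)\]: .*?(?:Failed password for .* from |authentication failure;.*?rhost=)(\S+)"
)

def is_ip(token):
    """True only for an IP literal, which is what a firewall rule matches on."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def ban_candidates(log_text, threshold=2):
    """Return (ips_to_ban, hostnames_for_review), one failure per sshd PID."""
    seen, pid_ip = [], {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, token = m.group(1), m.group(2)
        seen.append((pid, token))
        if is_ip(token):
            pid_ip[pid] = token  # this session also logged the literal address
    sessions = {}
    for pid, token in seen:
        # Prefer the IP logged under the same PID over any reverse-DNS name.
        sessions.setdefault(pid_ip.get(pid, token), set()).add(pid)
    hits = [src for src, pids in sessions.items() if len(pids) >= threshold]
    # Names with no IP on record are reported for review, never sent to the firewall.
    return sorted(s for s in hits if is_ip(s)), sorted(s for s in hits if not is_ip(s))
```

Only the first list is suitable as input to a deny command such as `apf -d`; entries in the second list need the address looked up in the logs first, as the poster did by hand.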
     
  2. chirpy

    There are certainly flaws in the way APF and BFD do things. I've become somewhat disillusioned by APF and BFD since using it for quite some time and fighting through some of the major bugs seen in recent releases. Thinking of trying out some of the other recommended firewall/brute-force combinations out there.
     
