Max number of blocked IP addresses

[casben79]

Hi Guys,

I have seen a sustained attack from many many IP addresses trying to brute force weak passwords in SMTP.

The attacker/s have many IP addresses at their control and at 200 permanent blocks he was simply using a rotation of more than 200 to continually attack.

I have upped the limit in CSF to 1000 but there is now approaching 800 IP's in the attack and it doesn't seem to be slowing down.

I can copy IP addresses over to the CPHulk blacklist, but can't find if there is a maximum number of IP's in that system as well.

Is there a max number of IP addresses in CPHulk or is there a way to up the 1000 limit in CSF?

Cheers
Ben

 

[Infopro]

I wouldn't suggest increasing the deny limit to 1000. Assuming they are not getting in and most of it hitting email accounts you don't even have on your server, your system, and CSF, is doing what it's supposed to be doing. Yes, those emails are annoying. I think many, if not most of us are getting them as well. Make sure your system, your security, and your accounts, are all locked down well.

On a more personal note, I've sent off another donation to chirpy at ConfigServer.com, recently. I think we all should.

 

[casben79]

Infopro,

Thanks for the info.

Will definitely be sending chirpy some coinage soon, as well as purchasing CXS for all my servers :D

Cheers
Ben