keat63

Well-Known Member
Nov 20, 2014
1,956
266
113
cPanel Access Level
Root Administrator
i've been getting lots of port scans and lfd's from dynamic-ip.hinet.net since day one.
CSF seems to be doing it's job, but is there anything that can be put in place (other than blocking the whole of TW), that will just kill it dead, rather than csf having to work it out.
I'm pretty sure i asked before but don't recall the outcome.
 

keat63

Well-Known Member
Nov 20, 2014
1,956
266
113
cPanel Access Level
Root Administrator
yeh, i know how they can come from anywhere, and with any frequency.
I'm seeing a few from Brazil today.
This one however, seems to be trying email logins too, and after googling it, seems is quite a common domain.
In the short term, i added to csf

1.160.0.0/16 #do not delete
36.0.0.0/8 #do not delete
118.0.0.0/8 #do not delete
114.0.0.0/8 #do not delete
111.0.0.0/8 #do not delete

hopefully this will slow them down a little.
Time will tell.