Author Topic: Auto-block IP always truncates my csf.deny list  (Read 13239 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Auto-block IP always truncates my csf.deny list
« on: April 20, 2016, 06:48:06 PM »
I have about 1000 IP ranges in csf.deny that are being blocked. They look like this:
1.1.0.0/16
2.2.0.0/16
etc.

It works great, and when I "view iptables rules" they all show up in DENYIN, DENYOUT, etc.

HOWEVER... as soon as a Chinese hacker tries 10 times unsuccessfully to FTP in to my server, he gets auto blocked and added to this csf.deny file, at the bottom. So far, so good.

Here is the problem: as soon as this happens, always without fail it removes about 85% of my IP ranges.
csf.deny goes from 16K to about 4K.

Why is this?

Where can I change a setting, etc. so this will stop happening? I'm hoping eventually to get ALL the malicious IP addresses ranges blocked, or at least more and more of them, so this will happen less frequently. But for now, I manually have to go in and restore my original list, while keeping the latest blocked IPs. It's very annoying.

Thanks.

P.S. I'm running the latest CWP and the latest CentOS 6.7. My server is about a week old.
« Last Edit: April 20, 2016, 06:49:54 PM by DeveloperMcD »

Offline
*****
Re: Auto-block IP always truncates my csf.deny list
« Reply #1 on: April 21, 2016, 04:03:42 AM »
you can do it from csf configuration file

Note : adding large amount of IPs will slow your sites and will use heavy resources

Suggestion : if you don't use pure ftp so often stop the service, when you need it you can always turn it on from cwp GUI
« Last Edit: April 21, 2016, 04:08:31 AM by Sandeep »

Offline
*
Re: Auto-block IP always truncates my csf.deny list
« Reply #2 on: April 21, 2016, 04:25:30 AM »
you can do it from csf configuration file

Note : adding large amount of IPs will slow your sites and will use heavy resources

Suggestion : if you don't use pure ftp so often stop the service, when you need it you can always turn it on from cwp GUI

Which setting would I adjust?

Offline
*****
Re: Auto-block IP always truncates my csf.deny list
« Reply #3 on: April 21, 2016, 12:28:46 PM »
Set the numbers to "0" for unlimited IP blocking (csf wont delete the old blocked IPs)

Code: [Select]
DENY_IP_LIMIT = "0"
Code: [Select]
DENY_TEMP_IP_LIMIT = "0"
« Last Edit: April 21, 2016, 12:35:06 PM by Sandeep »