MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: chrisf on 2013-07-15, 20:53:06

Title: LxGuard???
Post by: chrisf on 2013-07-15, 20:53:06
Does LxGuard work???  This is the alert email sent to me from CSF firewall:

IP:       218.145.71.229 (KR/Korea, Republic of/freeto.net)
Failures: 10 (ftpd)
Interval: 3600 seconds
Blocked:  Permanent Block
Log entries:
Jul 15 00:24:02 server2 pure-ftpd: (?@218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:09 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:21 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:33 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:45 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:49 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:53 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:25:04 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:25:13 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:25:18 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]

LxGuard is set to 5 wrong attempts.  CSF is set to 10.  LxGuard NEVER blocked this attempt.

This is a serious problem for those who are not using CSF and are depending on LxGuard.
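Added example, not part of the original post and not LxGuard or CSF code: a Python check that replays the ten pure-ftpd entries from the alert and reports when a limit of 5 and a limit of 10 failures per source IP is reached. It assumes a sliding-window count per IP; the name threshold_hits and the supplied year are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# pure-ftpd failure line, in the format shown in the alert above.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pure-ftpd: "
    r"\(\S*@\s*(?P<ip>[0-9A-Fa-f.:]+)\) \[WARNING\] "
    r"Authentication failed for user \[(?P<user>[^\]]*)\]"
)

def threshold_hits(lines, limit, interval=3600, year=2013):
    """Map each source IP to the time its `limit`-th failure inside a
    sliding `interval`-second window was logged (hypothetical helper)."""
    window = defaultdict(deque)
    hits = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # not an FTP authentication failure
        # syslog timestamps carry no year, so one is supplied (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = window[m["ip"]]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=interval):
            q.popleft()  # drop failures older than the window
        if len(q) >= limit:
            hits.setdefault(m["ip"], ts)
    return hits

# The ten entries from the alert, each rejoined onto a single line.
TIMES = ["00:24:02", "00:24:09", "00:24:21", "00:24:33", "00:24:45",
         "00:24:49", "00:24:53", "00:25:04", "00:25:13", "00:25:18"]
SAMPLE = [
    f"Jul 15 {t} server2 pure-ftpd: (?@218.145.71.229) [WARNING] "
    "Authentication failed for user [administrator]"
    for t in TIMES
]

if __name__ == "__main__":
    for limit in (5, 10):  # the LxGuard and CSF settings from the post
        for ip, ts in threshold_hits(SAMPLE, limit).items():
            print(f"limit {limit}: {ip} reaches it at {ts:%H:%M:%S}")
```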
Title: Re: LxGuard???
Post by: MRatWork on 2013-07-15, 21:42:12
I am not using CSF and IPTables.

This VPS blocked 78 IPs for trying ssh access by lxguard. So, lxguard works perfectly.
Title: Re: LxGuard???
Post by: chrisf on 2013-07-15, 21:52:40
Quote from: "MRatWork"
I am not using CSF and IPTables.

This VPS blocked 78 IPs for trying ssh access by lxguard. So, lxguard works perfectly.

Is there a way to test LxGuard or to make sure it is running?  I do not understand why CSF blocked the ftp hack and LxGuard did not.
Title: Re: LxGuard???
Post by: chrisf on 2013-07-19, 00:49:16
Mustafa - how to confirm LxGuard is working?  I think it is broken.  I ask because I just got another block from CSF on SSH after 10 wrong password attempts.

LxGuard is set to 5!

Something is not right with LxGuard or the rate at which it checks is slower than CSF?

Please advise
Title: Re: LxGuard???
Post by: MRatWork on 2013-07-19, 01:13:40
Did you look in 'Admin > servers > (choose server) > LxGuard > Connections' and 'Raw connections' for blocked IPs?
Title: Re: LxGuard???
Post by: chrisf on 2013-07-19, 06:01:52
I have two servers - LxGuard does not appear to be working on either server.

I clustered my CSF so it will block an IP on both servers for any attack attempt.

Server 1 has blocked 4 attempts (10 wrong password attempts)

Server 2 has blocked 2 attempts (10 wrong password attempts)

LxGuard is set to 5 on both servers.  Nothing listed in Blocked Hosts, Connections, or Raw Connections.

CSF is protecting my servers.
Title: Re: LxGuard???
Post by: hilfans on 2017-12-08, 10:55:14
I want to know how to clear the log in the Raw Connections table in LxGuard (LxGuard >> Raw Connections).

I have already cleaned up all logs in var/log, but the table still displays the log activity.