MRatWork Forum by Mustafa Ramadhan
Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: chrisf on 2013-07-15, 20:53:06
-
Does LxGuard work??? This is the alert email sent to me from CSF firewall:
IP: 218.145.71.229 (KR/Korea, Republic of/freeto.net)
Failures: 10 (ftpd)
Interval: 3600 seconds
Blocked: Permanent Block
Log entries:
Jul 15 00:24:02 server2 pure-ftpd: (?@218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:09 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:21 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:33 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:45 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:49 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:24:53 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:25:04 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:25:13 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
Jul 15 00:25:18 server2 pure-ftpd: (?@ 218.145.71.229) [WARNING]
Authentication failed for user [administrator]
LxGuard is set to 5 wrong attempts. CSF is set to 10. LxGuard NEVER blocked this attempt.
This is a serious problem for those who are not using CSF and are depending on LxGuard.
-
I am not using CSF and IPTables.
This VPS blocked 78 IPs for trying ssh access by lxguard. So, lxguard work perfectly.
-
I am not using CSF and IPTables.
This VPS blocked 78 IPs for trying ssh access by lxguard. So, lxguard work perfectly.
Is there a way to test LxGuard or to make sure it is running? I do not understand why CSF blocked the ftp hack and LxGuard did not.
-
Mustafa - how to confirm LxGuard is working? I think it is broken. I ask because I just got another block from CSF on SSH after 10 wrong password attempts.
LxGuard is set to 5!
Something is not right with LxGuard or the rate at which it checks is slower than CSF?
Please advise
-
Did you see in 'Admin > servers > (choose server) > LxGuard > Connections' and 'Raw connections' for blocked IPs?.
-
I have two servers - neither server LxGuard is appearing to work.
I clustered my CSF so it will block ip on both servers for any attack attempt.
Server 1 has blocked 4 attempts (10 wrong password attempts)
Sever 2 has blocked 2 attempts (10 wrong password attempts)
LxGuard is set to 5 on both servers. Nothing listed in Blocked Hosts, Connections, or Raw Connections.
CSF is protecting my servers.
-
I want to know how to clear log on table Raw Connections at LxGuard? (LxGuard >> Raw Connections).
I'm already cleanup all log at var/log, but the table is still display the log activity.