Tweet
Great product! Saves me tons of work no longer having to build my own list of miscreant IPs.
One problem:
IPs in the CSF deny list are not blocked when Imunify360 is enabled.
This IP is a WP login attack bot. Found tons of these entries on the Imunify Incidents page:
2 minutes ago United States 198.xxx.xxx.xxx 3 retries WordPress login attempt https://.com" rel="nofollow noreferr...w.<domain>.com
On the Imunify Blacklist page:
Black list management is disabled due to CSF integration mode.
Please use csf to manage black list.
So ...
csf -d 198.xxx.xxx.xxx
deny failed: 198.xxx.xxx.xxx is in already in the deny file /etc/csf/csf.deny 1 times
Yup, its there ...
# ipset --list chain_DENY | grep 198.*
198.xxx.xxx.xxx
Still getting this in the Imunify Incident log and in the website log file.
access-logs/<domain>.com:198.xxx.xxx.xxx - - [02/May/2017:14:52:22 -0400] "POST /wp-login.php HTTP/1.1" 200 1682 "-" "Mozilla/5.0
One problem:
IPs in the CSF deny list are not blocked when Imunify360 is enabled.
This IP is a WP login attack bot. Found tons of these entries on the Imunify Incidents page:
2 minutes ago United States 198.xxx.xxx.xxx 3 retries WordPress login attempt https://.com" rel="nofollow noreferr...w.<domain>.com
On the Imunify Blacklist page:
Black list management is disabled due to CSF integration mode.
Please use csf to manage black list.
So ...
csf -d 198.xxx.xxx.xxx
deny failed: 198.xxx.xxx.xxx is in already in the deny file /etc/csf/csf.deny 1 times
Yup, its there ...
# ipset --list chain_DENY | grep 198.*
198.xxx.xxx.xxx
Still getting this in the Imunify Incident log and in the website log file.
access-logs/<domain>.com:198.xxx.xxx.xxx - - [02/May/2017:14:52:22 -0400] "POST /wp-login.php HTTP/1.1" 200 1682 "-" "Mozilla/5.0
Comment