gameutopia
New Member
Ok I have whm/cpanel, I have apf, ddos deflate, and I believe brute force installed.
Every night at the exact same time for the last 3 nights I get an automated email from the ddos deflate script that this same ip was banned. Which is odd same ip same time.
I did add it to apf deny host rules with this command:
/usr/local/sbin/apf -d 72.xxx.xxx.xxx "multiple repeat connections"
I also added it to iptables with the following command:
iptables -A INPUT -s ip ip.address -j REJECT
But every night it comes back for like I said the last 3 nights, and happens at 12:18 pm pacific time so I have to wait and see for tonight.
Anyway since I added it to the deny host rules and iptables it shouldn't have even been allowed to access anything right? or am I missing something?
Do I have to restart apf after adding a deny rule? or does it take effect right away?
Any thoughts or suggestions?
Thanks.
gameutopia
Every night at the exact same time for the last 3 nights I get an automated email from the ddos deflate script that this same ip was banned. Which is odd same ip same time.
I did add it to apf deny host rules with this command:
/usr/local/sbin/apf -d 72.xxx.xxx.xxx "multiple repeat connections"
I also added it to iptables with the following command:
iptables -A INPUT -s ip ip.address -j REJECT
But every night it comes back for like I said the last 3 nights, and happens at 12:18 pm pacific time so I have to wait and see for tonight.
Anyway since I added it to the deny host rules and iptables it shouldn't have even been allowed to access anything right? or am I missing something?
Do I have to restart apf after adding a deny rule? or does it take effect right away?
Any thoughts or suggestions?
Thanks.
gameutopia