How to find whether the IP address is blacklisted or not in CSF
The CSF will block external IPs(Inbound connections) for any Brute force attack or something like that(Multiple login failure, hacking attepts etc) on server. We can find out all details regarding the IP block from the ‘lfd’ log. The reason for IP block, exact time etc will be explained in the log file.
CSF log file details:
All records related with the CSF and LFD is loged in a file under “/var/log“. The log file for CSF&LFD is:
" /var/log/lfd.log "
How to find whether the IP address is blacklisted or not in CSF ?
There are three different ways to find out the details of IP address if it is Blacklisted in CSF.
Method I: From WHM
Login to your WHM control panel and search the “ConfigServer Security & Firewall” from the search tool bar which is located left side of the WHM menu. Then use the Search for IP tool to findout the details of IP block on the server.
You can unblock the IP address from the output itself. See the attachment for more tips.
Command line options
Method II : You can use the switch ‘g’ along with the csf command.
How to use it?
Step 1: SSH to your server as root user.
Step 2: Run the below pasted command.
[root@server ] csf -g IP-Address
Click here for more CSF commands for Unix/Linux servers.
1. Search the details of IP address 126.96.36.199 on your server by using the command csf.
[root@server ] csf -g 188.8.131.52 Chain num pkts bytes target prot opt in out source destination No matches found for 184.108.40.206 in iptables
2. Search after blocking the IP address 220.127.116.11 on your server.
2.1 csf -d : to block IP address
[root@server ] csf -d 18.104.22.168 Adding 22.214.171.124 to csf.deny and iptables DROP... DROP all opt -- in !lo out * 126.96.36.199 -> 0.0.0.0/0 DROP all opt -- in * out !lo 0.0.0.0/0 -> 188.8.131.52
2.2 csf -g : to find details
[root@server ] csf -g 184.108.40.206 ------ Chain num pkts bytes target prot opt in out source destination DENYIN 26 0 0 DROP all -- !lo * 220.127.116.11 0.0.0.0/0 DENYOUT 26 0 0 DROP all -- * !lo 0.0.0.0/0 18.104.22.168 csf.deny: 22.214.171.124 # Manually denied - Tue Dec 24 14:35:43 2013 -------
Method III : Grep the IP Address details from the log file “/var/log/lfd.log”
[root@server ] grep 'IP-Address' /var/log/lfd.log
Install and configure csf on CentOS
CSF commands for Unix/Linux servers
Process tracking with the help of csf
How to disable Lfd excessive resource usage alert
How to block countries from server by using csf