I've had BFD and APF running for about a year now but my server is now getting bombarded with emails from BFD saying "host already banned or ignored." Hoe do I stop these? I've gotten over 2,000 in just a few hours today.
Thanks...
Here is just a small part of the email in case it helps someone...
- Executed actions:
lfsfxy.edu.cn was found inside a defined exclude file, or host has already been banned.
- Log events from /var/log/messages:
Jan 29 14:31:23 host BFD(4979): {sshd} dns.lfsfxy.edu.cn exceeded maximum login failures; host already banned or ignored.
Jan 29 14:31:22 host sshd(pam_unix)[13907]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=lfsfxy.edu.cn
Jan 29 14:31:24 host BFD(4979): {sshd} lfsfxy.edu.cn exceeded maximum login failures; host already banned or ignored.
Jan 29 14:31:24 host BFD(4979): {sshd} dns.lfsfxy.edu.cn exceeded maximum login failures; host already banned or ignored.
Jan 29 14:31:24 host sshd(pam_unix)[14977]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=lfsfxy.edu.cn
Jan 29 14:31:24 host BFD(4979): {sshd} lfsfxy.edu.cn exceeded maximum login failures; host already banned or ignored.
Jan 29 14:31:25 host BFD(4979): {sshd} dns.lfsfxy.edu.cn exceeded maximum login failures; host already banned or ignored.
Jan 29 14:31:25 host BFD(4979): {sshd} lfsfxy.edu.cn exceeded maximum login failures; host already banned or ignored.
Jan 29 14:31:25 host BFD(4979): {sshd} dns.lfsfxy.edu.cn exceeded maximum login failures; host already banned or ignored.
Jan 29 14:31:25 host BFD(4979): {sshd} lfsfxy.edu.cn exceeded maximum login failures; host already banned or ignored.
Jan 29 14:31:25 host sshd(pam_unix)[15240]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=lfsfxy.edu.cn user=sshd
Linear Mode
