[BlueOnyx:15644] Re: Dfix2/APF problem

[Greg Kuhnert]

Hi Colin.


On 11 Jul 2014, at 12:55 am, Colin Jack <colin at mainline.co.uk> wrote:

> Hi Chris
> 
>> On 7/10/2014 11:28 AM, Colin Jack wrote:
>>> I also need to work out why FTP clients keep getting listed/blocked ...
>>> they are not trying multiple logins.
>> 
>> Are you *sure*?   This may be worth checking your logs.   We frequently
>> run into customers who have some process they forgot about, or an ex-
>> employee's email trying to POP, etc.  Or they'll change the password on the
>> server and forget that they have a webcam that is set to FTP new images with
>> the OLD password... stuff like that happens all the time.
> 
> Yes - I am sure. Their IT Manager gets blocked every time he tries to login via the GUI to add a new user.
> I remove the IP from the APF deny rules and he is able to access the GUI. Sets up a new user and tests it and all okay.
> New user (client downloading drawings) tries to access FTP and can't. I check the deny list and sure enough they are in there.
> 
> Add IPs to allow rules and all okay until one day ... can't login again. Check APF and they are back in the deny rules.
> 
> Very strange.
> 
>> 
>>> Maybe Michael will know? J
>> 
>> Or Greg K., since DFIX is sort of his baby.  ;)
>> 
> 
> Yeah ... or Greg. Just thought that as Michael had put it on for me he might have an idea. :)

Check out /var/log/sec ... this is the log file for dfix2. Look for the IP in that file and send me details of what you find. That will help to understand why a particular IP is getting blocked.