[BlueOnyx:15651] Re: Dfix2/APF problem

Colin Jack colin at mainline.co.uk
Fri Jul 11 03:11:37 -05 2014


Hi Greg,

> Check out /var/log/sec ... this is the log file for dfix2. Look for the IP in that file
> and send me details of what you find. That will help to understand why a
> particular IP is getting blocked.

Well here is a result (sort of) ... I've been blocked this morning and I haven't been near it! :)

[root at server8 log]# cat sec |grep 84.23.16.59
Mon Jul  7 08:59:05 2014: Creating event 'BLOCK, 84.23.16.59, proftpd-b4'
Mon Jul  7 08:59:05 2014: BLOCK, 84.23.16.59, proftpd-b4
Mon Jul  7 08:59:05 2014: Executing shell command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Mon Jul  7 08:59:05 2014: Child 5201 created for command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Mon Jul  7 08:59:05 2014: Creating context 'BLOCK_84.23.16.59'
Mon Jul  7 09:59:06 2014: Deleting stale context 'BLOCK_84.23.16.59'
Mon Jul  7 09:59:06 2014: Creating event 'UNBLOCK, 84.23.16.59'
Mon Jul  7 09:59:06 2014: Stale context 'BLOCK_84.23.16.59' deleted
Mon Jul  7 09:59:06 2014: Executing shell command '/etc/apf/apf -u 84.23.16.59'
Mon Jul  7 09:59:06 2014: Child 9279 created for command '/etc/apf/apf -u 84.23.16.59'
Tue Jul  8 08:46:01 2014: Creating event 'BLOCK, 84.23.16.59, proftpd-b4'
Tue Jul  8 08:46:01 2014: BLOCK, 84.23.16.59, proftpd-b4
Tue Jul  8 08:46:01 2014: Executing shell command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Tue Jul  8 08:46:01 2014: Child 13833 created for command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Tue Jul  8 08:46:01 2014: Creating context 'BLOCK_84.23.16.59'
Tue Jul  8 09:46:02 2014: Deleting stale context 'BLOCK_84.23.16.59'
Tue Jul  8 09:46:02 2014: Creating event 'UNBLOCK, 84.23.16.59'
Tue Jul  8 09:46:02 2014: Stale context 'BLOCK_84.23.16.59' deleted
Tue Jul  8 09:46:02 2014: Executing shell command '/etc/apf/apf -u 84.23.16.59'
Tue Jul  8 09:46:02 2014: Child 16611 created for command '/etc/apf/apf -u 84.23.16.59'
Wed Jul  9 10:17:09 2014: Creating event 'BLOCK, 84.23.16.59, proftpd-b4'
Wed Jul  9 10:17:09 2014: BLOCK, 84.23.16.59, proftpd-b4
Wed Jul  9 10:17:09 2014: Executing shell command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Wed Jul  9 10:17:09 2014: Child 21518 created for command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Wed Jul  9 10:17:09 2014: Creating context 'BLOCK_84.23.16.59'
Wed Jul  9 11:17:10 2014: Deleting stale context 'BLOCK_84.23.16.59'
Wed Jul  9 11:17:10 2014: Creating event 'UNBLOCK, 84.23.16.59'
Wed Jul  9 11:17:10 2014: Stale context 'BLOCK_84.23.16.59' deleted
Wed Jul  9 11:17:10 2014: Executing shell command '/etc/apf/apf -u 84.23.16.59'
Wed Jul  9 11:17:10 2014: Child 24716 created for command '/etc/apf/apf -u 84.23.16.59'
Thu Jul 10 09:46:47 2014: Creating event 'BLOCK, 84.23.16.59, proftpd-b4'
Thu Jul 10 09:46:47 2014: BLOCK, 84.23.16.59, proftpd-b4
Thu Jul 10 09:46:47 2014: Executing shell command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Thu Jul 10 09:46:47 2014: Child 11206 created for command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Thu Jul 10 09:46:47 2014: Creating context 'BLOCK_84.23.16.59'
Thu Jul 10 10:46:48 2014: Deleting stale context 'BLOCK_84.23.16.59'
Thu Jul 10 10:46:48 2014: Creating event 'UNBLOCK, 84.23.16.59'
Thu Jul 10 10:46:48 2014: Stale context 'BLOCK_84.23.16.59' deleted
Thu Jul 10 10:46:48 2014: Executing shell command '/etc/apf/apf -u 84.23.16.59'
Thu Jul 10 10:46:48 2014: Child 14658 created for command '/etc/apf/apf -u 84.23.16.59'
Thu Jul 10 16:38:07 2014: Creating event 'WHITELIST, 84.23.16.59, ssh-w1'
Thu Jul 10 16:38:07 2014: Creating context 'WHITELIST_84.23.16.59'
Fri Jul 11 09:02:16 2014: Creating event 'BLOCK, 84.23.16.59, proftpd-b4'
Fri Jul 11 09:02:16 2014: BLOCK, 84.23.16.59, proftpd-b4
Fri Jul 11 09:02:16 2014: Executing shell command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Fri Jul 11 09:02:16 2014: Child 3300 created for command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Fri Jul 11 09:02:16 2014: Creating context 'BLOCK_84.23.16.59'

Thanks

Colin
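
Added example, not part of Colin's message or of dfix2: a Python sketch that reads log lines in the format shown above and lists each block of one IP with its trigger rule and duration, marking blocks logged after a WHITELIST event for the same address. The sample lines are copied from the log in the post; the function names are made up for this example, and since the post does not say what a WHITELIST context is meant to do in dfix2, the script only reports the ordering.

```python
import re
from datetime import datetime

# Lines copied from the log in the post above (a subset, not the full log).
SAMPLE = """\
Mon Jul  7 08:59:05 2014: Creating event 'BLOCK, 84.23.16.59, proftpd-b4'
Mon Jul  7 08:59:05 2014: Executing shell command '/etc/apf/apf -d 84.23.16.59 dFixblock2'
Mon Jul  7 09:59:06 2014: Creating event 'UNBLOCK, 84.23.16.59'
Thu Jul 10 09:46:47 2014: Creating event 'BLOCK, 84.23.16.59, proftpd-b4'
Thu Jul 10 10:46:48 2014: Creating event 'UNBLOCK, 84.23.16.59'
Thu Jul 10 16:38:07 2014: Creating event 'WHITELIST, 84.23.16.59, ssh-w1'
Fri Jul 11 09:02:16 2014: Creating event 'BLOCK, 84.23.16.59, proftpd-b4'
"""

# Only 'Creating event' lines are parsed; the rule name is absent on UNBLOCK.
EVENT = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}): Creating event "
    r"'(?P<kind>BLOCK|UNBLOCK|WHITELIST), (?P<ip>[0-9.]+)(?:, (?P<rule>[^']+))?'$"
)

def parse_events(text):
    """Yield (time, kind, ip, rule) for each event line in the log text."""
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            # Collapse the padded day-of-month ("Jul  7") before parsing.
            stamp = " ".join(m["ts"].split())
            when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
            yield when, m["kind"], m["ip"], m["rule"]

def summarize(text, ip):
    """Return one dict per BLOCK of `ip`, paired with its UNBLOCK if logged."""
    blocks, current, whitelisted = [], None, False
    for when, kind, addr, rule in parse_events(text):
        if addr != ip:
            continue
        if kind == "WHITELIST":
            whitelisted = True
        elif kind == "BLOCK":
            current = {"rule": rule, "start": when, "seconds": None,
                       "after_whitelist": whitelisted}
            blocks.append(current)
        elif kind == "UNBLOCK" and current is not None:
            current["seconds"] = int((when - current["start"]).total_seconds())
            current = None
    return blocks

if __name__ == "__main__":
    for b in summarize(SAMPLE, "84.23.16.59"):
        print(b["start"], b["rule"], b["seconds"], b["after_whitelist"])
```

A block with `seconds` of `None` has no UNBLOCK in the log yet, which is the state of the last entry in the post.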
