CSF / LDF user / IP lock out info

Where can we view the lock out triggers / logs?

There are a few ways to do it.

The log itself is in /var/log/lfd.log – this provides you with all the information about what lfd is doing. lfd is the process that keeps track of many things: login failures (technically it is called the “login failure daemon”) but also other irregularities on a hosting platform: long running processes, user-run script executions, root logins, things like that.

Another way is to look at the output of the ‘csf -g’ command.
Its full use is: csf -g ip.address.goes.here

This will show you real-time whether or not a certain ip is accepted or dropped (denied). If the IP does not show up when searched this way, then csf/lfd have no blocks or accepts on the IP in particular, at which point server-wide firewall settings will still apply; for example a server-wide deny to a certain port.

To manually unblock, you can use the ‘csf -dr ip.addr.here

More usage information on csf is in the output of the ‘csf‘ command, as well as the author’s website at http://configserver.com/cp/csf.html .

Interested? Click here to contact us for a free consultation →