If you installed CSF, (Config Server Firewal), on the server, there is a daemon called Login Failure Daemon (lfd), bundled with CSF, which is a process that runs all the time and periodically (every X seconds) scans the latest log file entries for login attempts against your server that continually fail within a short period of time.
Normally called "Brute-force attacks" the daemon process responds quickly to such patterns and blocks the IP's.
To check why 'lfd' has failed look at the end of /var/log/lfd.log
You can see errors as follows :
---------------------------------------------------------------------------------------------------------
/var/log/lfd.log:Jul 15 09:28:33 server
lfd[11662]: Error: cannot fork: Cannot allocate memory, at line 2402
/var/log/lfd.log:Jul 15 14:10:09 server
lfd[9297]: open3: fork failed: Cannot allocate memory at
/usr/sbin/lfd line 1981
/var/log/lfd.log:Jul 16 05:43:22 server
lfd[18107]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 16 06:51:08 server
lfd[1916]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 16 09:24:53 server
lfd[7386]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 16 17:01:15 server
lfd[17889]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 16 22:55:31 server
lfd[5289]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 00:12:06 server
lfd[8044]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 02:19:15 server
lfd[17821]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 07:15:43 server
lfd[21667]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 09:10:10 server
lfd[7318]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 17 23:41:36 server
lfd[24521]: Error: cannot fork: Cannot allocate memory, at line 6066
/var/log/lfd.log:Jul 18 00:00:11 server
lfd[5859]: Error: cannot fork: Cannot allocate memory, at line 2018
/var/log/lfd.log:Jul 18 20:31:45 server
lfd[11656]: open3: fork failed: Cannot allocate memory at
/usr/sbin/lfd line 1981
/var/log/lfd.log:Jul 19 04:16:15 server
lfd[31925]: Error: cannot fork: Cannot allocate memory, at line 6066
/var/log/lfd.log:Jul 19 06:00:07 server
lfd[12118]: Error: cannot fork: Cannot allocate memory, at line 2018
/var/log/lfd.log:Jul 19 06:06:03 server
lfd[20240]: Error: cannot fork: Cannot allocate memory, at line 5380
/var/log/lfd.log:Jul 19 16:50:16 server
lfd[21681]: Error: cannot fork: Cannot allocate memory, at line 5380
-------------------------------------------------------------------------------------------
On further checking I have seen that the plugins installed on the server such as cmm, cmc, cmq, cse, csf, cxs, msinstall, msfe was not properly working which lead to these LFD email alerts to clients email address
Runing the following command fixed the issue.
curl -s configserver.com/free/csupdate | perl
No comments:
Post a Comment