CSF Firewall - Module LFD (Login Failure Detector): Unable to retrieve blocklist MAXMIND

Your new/first Tips, tricks and tutorial forum.
Post Reply
User avatar
admin
Site Admin
Posts: 32
Joined: March 7th, 2022, 1:09 am

CSF Firewall - Module LFD (Login Failure Detector): Unable to retrieve blocklist MAXMIND

Post by admin »

Hello Everyone,

Recently My sever got many errors within my ConfigServer Filrewall module:

Code: Select all

Oct 30 04:21:37 srv8 lfd[974616]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)
Oct 30 04:26:37 srv8 lfd[975527]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)
Oct 30 04:31:38 srv8 lfd[976765]: Unable to retrieve blocklist MAXMIND - Unable to download: Can't connect to www.maxmind.com:443 (Network is unreachable)
Tried to DiG more closer the problems and found it...
Looks Like maxmind.com was changed their network and using Content Delivery Network frame from CloudFlare Inc. which is : 104.17.27.25

I've added IP4:104.17.27.25 to csf - Quick allow Actions and the problems solved!:

Code: Select all

Oct 30 04:34:41 srv8 lfd[977840]: Retrieved and blocking blocklist MAXMIND IP address ranges
Oct 30 04:34:41 srv8 lfd[977840]: IPSET: loading set new_MAXMIND with 172 entries
Oct 30 04:34:41 srv8 lfd[977840]: IPSET: switching set new_MAXMIND to bl_MAXMIND
Oct 30 04:34:41 srv8 lfd[977840]: IPSET: loading set new_6_MAXMIND with 2 entries
Oct 30 04:34:41 srv8 lfd[977840]: IPSET: switching set new_6_MAXMIND to bl_6_MAXMIND
I've also added : The Autonomous System Numbers (ASN) to Blocking Country code within csf.conf to CC_DENY and CC_DENY_PORTS with the same country code blocked.
As far as MaxMind GeoIP purpose is to block all of Anonymous Proxies...
This will reduce the minFraud service (fraud detection) for a transactional risk analysis service.

CSF can use these option below. These otpion can be set to use:

1. Perl module HTTP::Tiny
2. Perl module LWP::UserAgent
3. CURL/WGET (set location at the bottom of csf.conf if installed)

HTTP::Tiny is much faster than LWP::UserAgent and is included in the csf distribution.

LWP::UserAgent may have to be installed manually, but it can better support https:// URL's which also needs the LWP::Protocol::https perl module

CURL/WGET uses the system binaries if installed but does not always provide good feedback when it fails. The script will first look for CURL, if that does not exist at the configured location it will then look for WGET

Additionally, 1 or 2 are used and the retrieval fails, then if either CURL or WGET are available, an additional attempt will be using CURL/WGET. This is useful if the perl distribution has outdated modules that do not support modern SSL/TLS implementations.

CSF recommend to setting this set... to "2" or "3" as upgrades to csf will be performed over SSL as well as other URLs used when retrieving external data.
To install the LWP perl modules required:
On rpm based systems: (RedHat and CloudLinux)

Code: Select all

yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch
Looks like everything working fine with my server so far...
Post Reply