BFD ... is it really working?

I installed BFD (Brute Force Detection) 2 days ago and changed the rules to be strict,

but when I check bfd_log and APF (deny_hosts.rules) I find nothing.

I even made trig=1 for sshd for 24 hours and still got no banned IP.

When I checked inside the tmp folder I found tons of IPs:

Code:
./                   dos-213.189.82.242  dos-62.150.203.158  dos-62.215.116.196
../                  dos-213.189.94.112  dos-62.150.203.50   dos-62.215.149.53
.apf-ad.lp1          dos-213.189.94.215  dos-62.150.203.96   dos-62.215.18.113
clamd=               dos-24.208.70.44    dos-62.150.204.151  dos-62.215.21.236
dos-137.32.101.32    dos-62.114.112.144  dos-62.150.204.60   dos-62.215.26.127
dos-139.141.11.49    dos-62.135.97.209   dos-62.150.205.75   dos-62.215.32.207
dos-166.87.255.133   dos-62.150.105.75   dos-62.150.206.53   dos-62.215.3.51
dos-168.187.0.34     dos-62.150.108.116  dos-62.150.216.202  dos-62.215.3.61
dos-168.187.0.35     dos-62.150.108.164  dos-62.150.222.110  dos-62.215.44.55
dos-193.188.105.23   dos-62.150.108.210  dos-62.150.223.135  dos-62.215.55.231
dos-193.251.135.126  dos-62.150.131.221  dos-62.150.223.165  dos-62.231.129.126
dos-195.226.241.122  dos-62.150.135.8    dos-62.150.223.175  dos-66.249.65.173
dos-195.226.241.191  dos-62.150.136.163  dos-62.150.223.181  dos-66.249.65.6
dos-195.226.241.48   dos-62.150.136.226  dos-62.150.223.212  dos-66.249.65.84
dos-195.39.128.245   dos-62.150.136.245  dos-62.150.3.101    dos-66.249.66.179
dos-195.39.128.3     dos-62.150.137.241  dos-62.150.3.141    dos-66.249.66.235
dos-195.39.135.197   dos-62.150.137.43   dos-62.150.3.193    dos-66.249.66.242
dos-195.39.155.148   dos-62.150.137.72   dos-62.150.3.29     dos-69.215.251.10
dos-195.39.155.59    dos-62.150.139.104  dos-62.150.38.135   dos-82.145.223.133
dos-195.39.161.144   dos-62.150.140.84   dos-62.150.38.241   dos-82.167.18.191
dos-195.39.161.99    dos-62.150.140.97   dos-62.150.38.76    dos-82.167.27.44
dos-195.39.176.220   dos-62.150.141.40   dos-62.150.44.225   dos-84.36.14.29
dos-195.39.177.62    dos-62.150.142.239  dos-62.150.44.6     dos-84.36.4.223
dos-195.39.178.92    dos-62.150.153.66   dos-62.150.45.152   dos-84.57.66.254
dos-195.39.180.147   dos-62.150.154.186  dos-62.150.45.157   dos-84.68.25.227
dos-195.39.180.149   dos-62.150.155.186  dos-62.150.45.218   dos-84.9.74.149
dos-196.204.158.68   dos-62.150.157.215  dos-62.150.49.117   dos-86.136.103.5
dos-196.207.205.30   dos-62.150.179.62   dos-62.150.49.124   lost+found/
dos-202.30.224.62    dos-62.150.180.210  dos-62.150.49.189   mysql.sock@
dos-205.234.193.86   dos-62.150.181.8    dos-62.150.49.78    phpSvvH92
dos-212.122.229.76   dos-62.150.202.128  dos-62.150.82.52    phpuqF8D1
dos-212.180.75.26    dos-62.150.202.234  dos-62.150.9.66
dos-213.189.67.169   dos-62.150.203.117  dos-62.194.13.231

1. Can anyone tell me what these IPs are that I found inside the tmp folder?

2. What are these files, phpSvvH92 and phpuqF8D1?

3. Why is BFD not banning any IPs in bfd_log or deny_hosts.rules?