yavuz
Well-known member
CT_LIMIT is set to 400 in this file. This setting can trigger false positives especially if keep alive is disabled in your httpd.conf. It can still trigger if you use many services at the same time. Especially ftp clients are connection hungry.
Personally I prefer disabling LF_MODSEC option in CSF due to the high number of false positives and high rate of logging.
I also keep PS_INTERVAL disabled as I have seen it also causes lots of false positives and have no real benefit.
Thanks estranged, now is my server reading the settings from the file you asked me to send you or from the software's WHM page, I'm confused....
The CT_LIMIT value wasn't showing in this post, as this was my initial thought.
I've also seen FTP connections with dodgy FTP software cause CT_LIMIT to kick in as each file is downloaded in a new connection, so you can quickly ramp up a few hundred connections to the server.
Thanks to you also MattW, I always use filezilla as FTP client. Usually I have the sites credentials saved as a profile so login problems doesn't occur.