Great product! Saves me tons of work no longer having to build my own list of miscreant IPs.
IPs in the CSF deny list are not blocked when Imunify360 is enabled.
This IP is a WP login attack bot. Found tons of these entries on the Imunify Incidents page:
2 minutes ago United States 198.xxx.xxx.xxx 3 retries WordPress login attempt www.<domain>.com
On the Imunify Blacklist page:
Black list management is disabled due to CSF integration mode.
Please use csf to manage black list.
csf -d 198.xxx.xxx.xxx
deny failed: 198.xxx.xxx.xxx is in already in the deny file /etc/csf/csf.deny 1 times
Yup, its there ...
# ipset --list chain_DENY | grep 198.*
Still getting this in the Imunify Incident log and in the website log file.
access-logs/<domain>.com:198.xxx.xxx.xxx - - [02/May/2017:14:52:22 -0400] "POST /wp-login.php HTTP/1.1" 200 1682 "-" "Mozilla/5.0