This is the second time that CSF on our Cpanel server is not detecting POP3 login failures from a dictionary attack. The IP address was added on the ip deny list but still it was able to attempt to login on POP3. We have our LF_POP3D set to 20 and LF_POP3D_PERM to 1 to block the ip permanently after 20 tries. I can’t remember the CSF version when this first happened, but this time we’re running CSF version 4.65 and the latest is 4.67. Of course, the usual way for me to fix the issue is to upgrade to the latest version.