I've put IPs in the APF firewall's deny_hosts.rules and the IPs are still being logged. I've even put them in the hosts.deny file with no luck. I called support at ThePlanet and they couldn't help either. IPs are still being logged. Restarted APF, restarted Apache, restarted the server with no luck. The IPs are listed in the files on a 2nd look. IPTables say they are in the drop list.

I went to CPanel and banned them in the .htaccess file. That worked but are still being logged with a 403 error. But I was hoping to keep them off the server completely. Maybe they are banned but are being logged anyway? I'm wondering, though, why CPanel seems to stop them and APF doesn't. Anyone know what might be happening? Thanks for any help.

Sorry - just reread and do not have an answer for you. I have not seen APF fail if you've added a given IP to deny_hosts.rules and restarted APF - I've not seen a way to get through using that IP.

I have been wondering something similar where I'm logging IPs with a perl script, ban them via .htaccess, and it works 99.999% of the time except for one that still somehow gets through. The only thing I can think of is that they're somehow defeating my script's IP recording through somehow spoofing the IP or something else but I haven't figured it out yet.