psad keeps removing/adding bad IP even though bad IP set in auto_dl

Open faxotherapy opened this issue 6 years ago • 0 comments

Hi, I've set a bad IP to auto_dl with DL 5. This IP keeps hammering my server. So, I thought it'd be a good idea to put it in this file. Unfortunately, I've got this:

# systemctl status psad
mai 28 15:58:58 psad[30129]: src: 110.249.212.46 signature match: "BACKDOOR DoomJuice f
mai 28 15:58:58 psad[30129]: scan detected (Nmap -sT or -sS scan): 110.249.212.46 -> 19
mai 28 16:00:30 psad[30129]: src: 85.209.0.69 signature match: "MISC MS Terminal Server
mai 28 16:00:30 psad[30129]: scan detected (Nmap -sT or -sS scan): 85.209.0.69 -> 193.3
mai 28 16:01:42 psad[30129]: removed iptables auto-block against 92.118.37.81
mai 28 16:01:57 psad[30129]: scan detected (Nmap -sT or -sS scan): 92.118.37.81 -> 193.
mai 28 16:01:57 psad[30129]: added iptables auto-block against 92.118.37.81 (unlimited
mai 28 16:02:23 psad[30129]: removed iptables auto-block against 92.118.37.81
mai 28 16:02:28 psad[30129]: scan detected (Nmap -sT or -sS scan): 92.118.37.81 -> 193.
mai 28 16:02:28 psad[30129]: added iptables auto-block against 92.118.37.81

When I input psad -S, I've got:

# psad -S

[+] Top 25 attackers:
      92.118.37.81    DL: 5, Packets: 10, Sig count: 0
…

iptables auto-blocked IPs:
      92.118.37.81 (unlimited timeout)
            [expired timeout, sending cleanup message]

It used to work properly, then suddenly for no reason psad keeps removing and adding the IP. The IP is normally of DL 2, but I set it to DL 5 in the auto_dl file.

My psad.conf settings are:

  • ENABLE_AUTO_IDS set to Y
  • AUTO_IDS_DANGER_LEVEL set to 4
  • ENABLE_AUTO_IDS_EMAILS set to Y
  • EMAIL_ALERT_DANGER_LEVEL set to 4
  • IPT_SYSLOG_FILE set to /var/log/syslog
  • AUTO_BLOCK_TIMEOUT set to 3600

faxotherapy, May 28 '19 14:05
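
A way to measure the remove/re-add cycle visible in the log above, as an added example that is not part of the original issue or of psad itself: it scans psad journal lines for an auto-block removal followed by a re-add of the same IP within a time window. The function names, the 60-second window and the sample log (constructed from the lines quoted in the issue, plus one made-up documentation address) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the journal lines quoted in the issue.
SAMPLE_LOG = """\
mai 28 16:01:42 psad[30129]: removed iptables auto-block against 92.118.37.81
mai 28 16:01:57 psad[30129]: scan detected (Nmap -sT or -sS scan): 92.118.37.81 -> 193.
mai 28 16:01:57 psad[30129]: added iptables auto-block against 92.118.37.81 (unlimited
mai 28 16:02:23 psad[30129]: removed iptables auto-block against 92.118.37.81
mai 28 16:02:28 psad[30129]: added iptables auto-block against 92.118.37.81
mai 28 16:10:00 psad[30129]: added iptables auto-block against 198.51.100.7
"""

# "<month> <day> HH:MM:SS [host] psad[pid]: added|removed iptables auto-block against <ip>"
EVENT_RE = re.compile(
    r"^\S+\s+(\d+)\s+(\d\d):(\d\d):(\d\d)\s+(?:\S+\s+)?psad\[\d+\]:\s+"
    r"(added|removed) iptables auto-block against (\d{1,3}(?:\.\d{1,3}){3})"
)

def block_events(log_text):
    """Yield (seconds, action, ip) for each auto-block add/remove line."""
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            day, hh, mm, ss, action, ip = m.groups()
            # The month name is locale-dependent ("mai"), so it is ignored.
            # Assumption: the excerpt stays within a single month.
            secs = ((int(day) * 24 + int(hh)) * 60 + int(mm)) * 60 + int(ss)
            yield secs, action, ip

def flapping_blocks(log_text, window=60):
    """Return {ip: [gap_seconds, ...]} for each removal re-added within window."""
    last_removed = {}
    flaps = defaultdict(list)
    for secs, action, ip in block_events(log_text):
        if action == "removed":
            last_removed[ip] = secs
        elif ip in last_removed:
            gap = secs - last_removed.pop(ip)
            if 0 <= gap <= window:
                flaps[ip].append(gap)
    return dict(flaps)

if __name__ == "__main__":
    for ip, gaps in flapping_blocks(SAMPLE_LOG).items():
        print(f"{ip}: block removed and re-added {len(gaps)}x, gaps (s): {gaps}")
```

The same functions can be run over the text produced by `journalctl -u psad` to see which blocked addresses are cycling and how quickly.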