You can block the IPs in DirectAdmin automatically, after a certain number of failed login attempts.
If you have CSF + LFD installed, create a script /usr/local/directadmin/scripts/custom/block_ip.sh:
#!/bin/sh
/etc/csf/csf.pl -td $ip 86400
exit 0
Then, change permissions for block_ip.sh to 700
chmod 700 block_ip.sh
This enables in DirectAdmin Brute Force monitor a Block IP button, which gives you possibility to block manually an IP. In the above script the IP is temporarily blocked for 24h (86400 sec).
If you want to block IP permanently replace line
/etc/csf/csf.pl -td $ip 86400
with
/etc/csf/csf.pl -d $ip
If you want to automatically block IPs, create a script usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:
#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;
Then, change permissions for brute_force_notice_ip.sh to 700.
chmod 700 brute_force_notice_ip.sh
When the system sends an email about a brute force attack then at the same time the script will block that IP.
If you have CSF + LFD installed, create a script /usr/local/directadmin/scripts/custom/block_ip.sh:
#!/bin/sh
/etc/csf/csf.pl -td $ip 86400
exit 0
Then, change permissions for block_ip.sh to 700
chmod 700 block_ip.sh
This enables in DirectAdmin Brute Force monitor a Block IP button, which gives you possibility to block manually an IP. In the above script the IP is temporarily blocked for 24h (86400 sec).
If you want to block IP permanently replace line
/etc/csf/csf.pl -td $ip 86400
with
/etc/csf/csf.pl -d $ip
If you want to automatically block IPs, create a script usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:
#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;
Then, change permissions for brute_force_notice_ip.sh to 700.
chmod 700 brute_force_notice_ip.sh
When the system sends an email about a brute force attack then at the same time the script will block that IP.
No comments:
Post a Comment