Modern versions of DirectAdmin include a Brute Force Monitor. It does a good job and raises an alert when a brute-force attack is carried out, but you still have to block the attacking IP manually.
Of course, there are ways to make this automatic. I assume your server has CSF + LFD installed and working; in other setups the script will look different.
First, create the script /usr/local/directadmin/scripts/custom/block_ip.sh:
    #!/bin/sh
    # DirectAdmin passes the address to block in $ip; deny it in CSF for 86400 seconds
    /etc/csf/csf.pl -td "$ip" 86400
    exit 0
chmod block_ip.sh to 700.
This enables the Block IP button in DirectAdmin's Brute Force Monitor, which lets you easily block an IP manually. The script above blocks the IP temporarily for 24 hours (86400 seconds).
If you want to block the IP permanently, replace the line “/etc/csf/csf.pl -td "$ip" 86400” with “/etc/csf/csf.pl -d "$ip"”.
Once you are sure everything works, you can make it fully automatic with the following steps:
Create the script /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:
    #!/bin/sh
    # Hand the offending address ($value) to block_ip.sh as $ip
    SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
    ip="$value" "$SCRIPT"
    exit $?
chmod brute_force_notice_ip.sh to 700.
When the system emails you a notification about a brute-force attack, it will block the “bad” IP at the same time.
Have a nice day 🙂
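As an added example (not the post author's script), here is a hardened variant of block_ip.sh that checks the value DirectAdmin passes in ip before handing it to CSF, since the script runs with root privileges. The function names and the overridable CSF and BLOCK_TTL variables are assumptions made for this example; the csf.pl path, the -td option and the 86400-second duration come from the post.

```shell
#!/bin/sh
# Added example: hardened variant of block_ip.sh (not the original script).
# The ip variable, csf.pl path, -td and 86400 come from the post; the function
# names and the CSF / BLOCK_TTL overrides are assumptions for this example.

CSF="${CSF:-/etc/csf/csf.pl}"
BLOCK_TTL="${BLOCK_TTL:-86400}"   # 24 hours

# Succeed only for a dotted-quad IPv4 address or an IPv6-shaped string.
is_valid_ip() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;   # empty, or a character no IP contains
    esac
    case "$1" in
        *.*)    # IPv4: exactly four decimal octets, each 0-255
            printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
            old_ifs=$IFS; IFS=.
            set -- $1               # split into octets (no glob characters possible here)
            IFS=$old_ifs
            for octet in "$@"; do
                [ "$octet" -le 255 ] || return 1
            done ;;
        *:*:*)  # IPv6: loose shape check only, hex digits and at least two colons
            [ "${#1}" -le 39 ] ;;
        *)  return 1 ;;
    esac
}

# Temporarily deny one address in CSF, refusing anything that is not an IP.
block_ip() {
    if ! is_valid_ip "$1"; then
        echo "block_ip: refusing malformed address" >&2
        return 1
    fi
    "$CSF" -td "$1" "$BLOCK_TTL"    # same temporary deny call as in the post
}

# DirectAdmin supplies the address in the environment variable ip.
if [ -n "${ip:-}" ]; then
    block_ip "$ip"
    exit $?
fi
```

The brute_force_notice_ip.sh wrapper from the post works unchanged with this variant, because it only sets ip and calls the script.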
Hello and tnx for great post. I have a question: does this script need to restart something on the server to activate?
Wow! Simple and it just works! You, my friend, are a genius. Thank you.