How to block brute force attack automatically in DirectAdmin?

In modern version of DirectAdmin is Brute Force Monitor. Doing good job, make alert when brute force attack is carried out. But you must eventually manually block IP, from whose attack is coming.

Of course there are ways to make it automatic. I assume your server use CSF + LFD installed and working. In other cases particular script should looks different.First, create script  /usr/local/directadmin/scripts/custom/

/etc/csf/ -td $ip 86400
exit 0

Make chmod the to 700.

This enable you in DirectAdmin in Brute Force monitor button Block IP, which give you possibility to easy block it manually. In script above I block ip temporary for 24h (86400 sec.).

If you want to block IP permanently  replace line “/etc/csf/ -td $ip 86400” with “/etc/csf/ -d $ip”

If you sure everything works ok, you can make it full automatic by following steps:

Create script  /usr/local/directadmin/scripts/custom/

ip=$value $SCRIPT
exit $?;

Make chmod the to 700.

When system send you information by mail about brute force attack then in same time will block “bad” IP.

Have a nice day 🙂

Leave a Comment:

شارژ ایرانسل says 28 December 2013

Hello and tnx for great post. I have a question, Does this script need to restart someting on server to active?

admin says 7 January 2014

No, after set files – everything works well.

Carl says 2 November 2014

Wow! Simple and it just works! You my friend are a genius. Thank you.

Add Your Reply