In modern version of DirectAdmin is Brute Force Monitor. Doing good job, make alert when brute force attack is carried out. But you must eventually manually block IP, from whose attack is coming.
Of course there are ways to make it automatic. I assume your server use CSF + LFD installed and working. In other cases particular script should looks different.First, create script /usr/local/directadmin/scripts/custom/block_ip.sh:
#!/bin/sh /etc/csf/csf.pl -td $ip 86400 exit 0
Make chmod the block_ip.sh to 700.
This enable you in DirectAdmin in Brute Force monitor button Block IP, which give you possibility to easy block it manually. In script above I block ip temporary for 24h (86400 sec.).
If you want to block IP permanently replace line “/etc/csf/csf.pl -td $ip 86400” with “/etc/csf/csf.pl -d $ip”
If you sure everything works ok, you can make it full automatic by following steps:
Create script /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:
#!/bin/sh SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh ip=$value $SCRIPT exit $?;
Make chmod the brute_force_notice_ip.sh to 700.
When system send you information by mail about brute force attack then in same time will block “bad” IP.
Have a nice day 🙂