How to block brute force attack automatically in DirectAdmin?

In modern version of DirectAdmin is Brute Force Monitor. Doing good job, make alert when brute force attack is carried out. But you must eventually manually block IP, from whose attack is coming.

Of course there are ways to make it automatic. I assume your server use CSF + LFD installed and working. In other cases particular script should looks different.First, create script  /usr/local/directadmin/scripts/custom/block_ip.sh:

#!/bin/sh
/etc/csf/csf.pl -td $ip 86400
exit 0

Make chmod the block_ip.sh to 700.

This enable you in DirectAdmin in Brute Force monitor button Block IP, which give you possibility to easy block it manually. In script above I block ip temporary for 24h (86400 sec.).

If you want to block IP permanently  replace line “/etc/csf/csf.pl -td $ip 86400” with “/etc/csf/csf.pl -d $ip”

If you sure everything works ok, you can make it full automatic by following steps:

Create script  /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:

#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

Make chmod the brute_force_notice_ip.sh to 700.

When system send you information by mail about brute force attack then in same time will block “bad” IP.

Have a nice day 🙂

Incoming search terms:

  • Unable to detect ICU prefix or no failed

Leave a Comment:

3 comments
شارژ ایرانسل says 28 December 2013

Hello and tnx for great post. I have a question, Does this script need to restart someting on server to active?

Reply
admin says 7 January 2014

No, after set files – everything works well.

Reply
Carl says 2 November 2014

Wow! Simple and it just works! You my friend are a genius. Thank you.

Reply
Add Your Reply