How to block brute force attacks automatically in DirectAdmin?

Modern versions of DirectAdmin include a Brute Force Monitor. It does a good job and raises an alert when a brute force attack is carried out, but you still have to manually block the IP the attack is coming from.

Of course, there are ways to make it automatic. I assume your server has CSF + LFD installed and working. In other cases the script would look different. First, create the script /usr/local/directadmin/scripts/custom/block_ip.sh:

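#!/bin/sh
# DirectAdmin passes the address to block in the ip environment variable.
# Temporarily deny it in CSF for 86400 seconds (24 hours).
/etc/csf/csf.pl -td "$ip" 86400
exit 0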

Set the permissions of block_ip.sh to 700 with chmod.

This enables the Block IP button in DirectAdmin's Brute Force Monitor, which lets you easily block an IP manually. The script above blocks the IP temporarily for 24 hours (86400 seconds).

If you want to block the IP permanently, replace the csf.pl line in the script with: /etc/csf/csf.pl -d "$ip"

Once you are sure everything works, you can make it fully automatic with the following steps:

Create the script /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:

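#!/bin/sh
# DirectAdmin runs this for a brute force notice; the address arrives in $value.
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
# Hand the address to block_ip.sh as the ip environment variable.
ip="$value" "$SCRIPT"
exit $?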

Set the permissions of brute_force_notice_ip.sh to 700 with chmod.

Now, when the system sends you an email about a brute force attack, it will block the “bad” IP at the same time.
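Because the automatic setup passes whatever arrives in $value straight to CSF, a stricter block_ip.sh is worth considering. The following is an added example, not part of the original post: it checks that $ip is a plain IP address and skips addresses you never want blocked. The NEVER_BLOCK list and its sample addresses are assumptions; the CSF path and the 24-hour duration are taken from the script above.

```shell
#!/bin/sh
# Added example (not from the original post): block_ip.sh with input checks.
CSF=/etc/csf/csf.pl      # path used in the post
BLOCK_SECS=86400         # 24 hours, as in the post
# Assumption: addresses that must never be blocked (constructed sample values).
NEVER_BLOCK="127.0.0.1 ::1 192.0.2.10"

# Return 0 if $1 looks like a plain IPv4 or IPv6 address, 1 otherwise.
is_ip() {
    case "$1" in
        # Empty, trailing dot, or any character outside hex digits, ':' and '.'
        # (this also rejects values that start with '-' and would look like options).
        ''|*.|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    case "$1" in
        *:*:*) return 0 ;;   # IPv6: loose check, hex digits with at least two colons
    esac
    # IPv4: exactly four dot-separated decimal octets, each 0-255.
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 should be blocked: a valid address that is not on NEVER_BLOCK.
should_block() {
    is_ip "$1" || return 1
    for keep in $NEVER_BLOCK; do
        [ "$1" = "$keep" ] && return 1
    done
    return 0
}

# Act only when DirectAdmin has supplied $ip and CSF is installed.
if [ -n "${ip:-}" ] && [ -x "$CSF" ]; then
    if should_block "$ip"; then
        "$CSF" -td "$ip" "$BLOCK_SECS"
    else
        echo "refusing to block '$ip'" >&2
    fi
fi
```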

Have a nice day 🙂
