Linux > DirectAdmin

Brute Force Monitor in DirectAdmin.

(1/1)

Chetan Singh:
Hello,

DirectAdmin have a function to detect brute force attack but it is not blocking IP that brute force us (in Debian). It just warn and annoy us by sending an email. DirectAdmin also provide how to automatic block IP when detect brute force for CentOS/Fedora but not for Debian.

Do not worry, this post will help you to enable "Block This IP" button in DirectAdmin Administrator panel. Now, make sure you "iptables" is installed in your server. Now you need to create script file at /usr/local/directadmin/scripts/custom/blockIP.sh

====================>>>
#!/bin/sh
 
curriptables()
{
        echo "<br><br><textarea cols=160 rows=60>";
        /sbin/iptables -nL
        echo "</textarea>";
}
 
### Make sure it's not already blocked
COUNT=`grep -c $ip /etc/network/iptables.save`;
if [ "$COUNT" -ne 0 ]; then
        echo "$ip already exists in iptables ($COUNT). Not blocking.";
        curriptables
        exit 2;
fi
 
echo "Adding $ip to iptables...<br>";
/sbin/iptables -I INPUT -s $ip -j DROP
/sbin/iptables-save > /etc/network/iptables.save
 
echo "<br><br>Result:";
curriptables
exit 0;
====================>>>

Change the permission for the script to "700" with this command:

#chmod 700 /usr/local/directadmin/scripts/custom/blockIP.sh

This "blockIP.sh" script will add Block This IP button in DirectAdmin Administrator > Brute Force Monitor then click IP Info on IP that we want to block.

Thank you,

Navigation

[0] Message Index