Here's a quick guide on how to block IPs that are found in the brute-force log created by DirectAdmin. The IPs are blocked via CSF, so make sure CSF is installed.
This guide is intended for CentOS systems.
Install a new iptables startup file from DirectAdmin:
    cd /etc/init.d
    mv iptables iptables.backup
    wget http://files.directadmin.com/services/all/iptables
    chmod 755 iptables
    service iptables restart
Install the scripts that take care of the blocking process:
    cd /usr/local/directadmin/scripts/custom
    wget http://www.betweendots.com/uploads/block_ip.sh
    wget http://files.directadmin.com/services/all/show_blocked_ips.sh
    wget http://www.betweendots.com/uploads/unblock_ip.sh
    chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh
Create the empty block list and exempt list files:
    touch /root/blocked_ips.txt
    touch /root/exempt_ips.txt
To automate the process, so that all IPs reported by DirectAdmin are blocked automatically:
    cd /usr/local/directadmin/scripts/custom
    wget http://files.directadmin.com/services/all/brute_force_notice_ip.sh
    chmod 700 brute_force_notice_ip.sh
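Once blocking is automatic, the exempt list is what keeps your own admin address from being locked out. The following is an added example, not the contents of the downloaded block_ip.sh (which this guide does not show): a guard that validates a reported address and checks both list files before handing it to CSF. It assumes both files hold one IPv4 address per line and that `csf -d` is used for the deny; the function names and the overridable variables are hypothetical.

```shell
#!/bin/sh
# Added example: not the block_ip.sh fetched in the guide.
# Paths follow the guide; override them (and DENY_CMD) for a dry run.
BLOCK_FILE="${BLOCK_FILE:-/root/blocked_ips.txt}"
EXEMPT_FILE="${EXEMPT_FILE:-/root/exempt_ips.txt}"
DENY_CMD="${DENY_CMD:-csf -d}"   # assumption: CSF's deny command

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
# Anything else (empty, shell metacharacters, hostnames) is rejected.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Block $1 unless it is malformed, exempt, or already listed.
# Return codes: 0 blocked, 1 invalid, 2 exempt, 3 already blocked,
# 4 deny command failed.
safe_block() {
    ip=$1
    valid_ipv4 "$ip" || return 1
    # -x whole line, -F literal: 8.51.100.7 must not match 198.51.100.7
    grep -qxF "$ip" "$EXEMPT_FILE" 2>/dev/null && return 2
    grep -qxF "$ip" "$BLOCK_FILE" 2>/dev/null && return 3
    $DENY_CMD "$ip" "DirectAdmin brute force" || return 4
    echo "$ip" >> "$BLOCK_FILE"   # assumed format: one address per line
}

# Dry run without touching the firewall (source this file first):
#   DENY_CMD=echo BLOCK_FILE=/tmp/b EXEMPT_FILE=/tmp/e safe_block 203.0.113.9
```

Put the address you administer the server from in /root/exempt_ips.txt before enabling the automatic blocking.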