
(Automatically) block brute force IPs via CSF



#1 John

John

    Administrator

  • Administrators
  • 73 posts

Posted 19 June 2014 - 06:22 AM

Here's a quick guide on how to block IPs that are found in the brute force log created by DirectAdmin. The IPs will be blocked via CSF, so make sure CSF is installed.

 

This guide is intended for CentOS systems. 

 

Install a new iptables startup file from DirectAdmin:

cd /etc/init.d
mv iptables iptables.backup
wget http://files.directadmin.com/services/all/iptables
chmod 755 iptables
service iptables restart

Installing the scripts that take care of the blocking process

cd /usr/local/directadmin/scripts/custom
wget http://www.betweendots.com/uploads/block_ip.sh
wget http://files.directadmin.com/services/all/show_blocked_ips.sh
wget http://www.betweendots.com/uploads/unblock_ip.sh
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh

Create the empty block list and exempt list files

touch /root/blocked_ips.txt
touch /root/exempt_ips.txt

To automate the process, so all IPs reported by DirectAdmin will be automatically blocked:

cd /usr/local/directadmin/scripts/custom
wget http://files.directadmin.com/services/all/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh

  • firescanner likes this
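
Added example, not part of the original post and not the contents of the downloaded block_ip.sh: a sketch of the exempt-list and block-list check that has to happen before an address from the brute force log is handed to `csf -d`. It assumes one IPv4 address per line in both files created above; `CSF_CMD`, `is_ipv4` and the return codes are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: NOT the block_ip.sh downloaded in the guide.
# Assumption: both list files hold one IPv4 address per line.
BLOCK_LIST="${BLOCK_LIST:-/root/blocked_ips.txt}"
EXEMPT_LIST="${EXEMPT_LIST:-/root/exempt_ips.txt}"
CSF_CMD="${CSF_CMD:-csf}"   # hypothetical override, so the logic can be tested without touching the firewall

# Succeeds only for a dotted quad with every octet in 0..255.
# Runs in a subshell so the IFS change cannot leak to the caller.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# block_ip IP [COMMENT]
# Returns: 0 blocked, 1 not an IPv4 address, 2 exempt, 3 already listed,
#          4 csf refused the entry (nothing is written to the block list).
block_ip() {
    ip=$1
    comment=${2:-DirectAdmin brute force}
    # Reject anything that is not a plain address before it reaches a command run as root.
    is_ipv4 "$ip" || return 1
    # -x matches the whole line and -F disables regex, so 1.2.3.4 neither
    # matches 11.2.3.40 nor treats its dots as wildcards.
    if grep -qxF -- "$ip" "$EXEMPT_LIST" 2>/dev/null; then return 2; fi
    if grep -qxF -- "$ip" "$BLOCK_LIST" 2>/dev/null; then return 3; fi
    "$CSF_CMD" -d "$ip" "$comment" >/dev/null || return 4
    printf '%s\n' "$ip" >> "$BLOCK_LIST"
}
```

Putting your own management address in /root/exempt_ips.txt before enabling automatic blocking keeps a mistyped password from locking you out.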

#2 firescanner

firescanner

    Newbie

  • Members
  • 1 posts

Posted 27 June 2014 - 01:42 PM

Hi,

I think it is still necessary to set "Notify Admins after an IP has", otherwise I don't think much happens yet?

 

Eric



#3 John

John

    Administrator

  • Administrators
  • 73 posts

Posted 28 June 2014 - 04:09 AM

No, that's something else. This has to do with brute_force detection; the "Notify Admins after an IP has" is not related.





