

(Automatically) block brute force IPs via CSF


#1 John



  • Administrators
  • 73 posts

Posted 19 June 2014 - 06:22 AM

Here's a quick guide on how to block IPs that are found in the brute force log created by DirectAdmin. The IPs will be blocked via CSF, so make sure CSF is installed.


This guide is intended for CentOS systems. 


Install a new iptables startup file from DirectAdmin:

cd /etc/init.d
mv iptables iptables.backup
wget http://files.directadmin.com/services/all/iptables
chmod 755 iptables
service iptables restart

Installing the scripts that take care of the blocking process

cd /usr/local/directadmin/scripts/custom
wget http://www.betweendots.com/uploads/block_ip.sh
wget http://files.directadmin.com/services/all/show_blocked_ips.sh
wget http://www.betweendots.com/uploads/unblock_ip.sh
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh

Create the empty block list and exempt list files

touch /root/blocked_ips.txt
touch /root/exempt_ips.txt

To automate the process, so all IPs reported by DirectAdmin will be automatically blocked:

cd /usr/local/directadmin/scripts/custom
wget http://files.directadmin.com/services/all/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh

  • firescanner likes this
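
The flow the guide above sets up (a reported IP is checked against the exempt list and then denied in CSF), as an added sketch that is not part of the original post and not the contents of the downloaded block_ip.sh. It assumes both list files hold one IPv4 address per line; CSF_CMD, BLOCK_LIST, EXEMPT_LIST and the function names are hypothetical.

```shell
#!/bin/sh
# Added sketch, not the downloaded block_ip.sh. Assumed: one IPv4 per line in
# both list files. CSF_CMD, BLOCK_LIST, EXEMPT_LIST are hypothetical names.
BLOCK_LIST="${BLOCK_LIST:-/root/blocked_ips.txt}"
EXEMPT_LIST="${EXEMPT_LIST:-/root/exempt_ips.txt}"
CSF_CMD="${CSF_CMD:-csf}"   # set CSF_CMD="echo csf" for a dry run

# Accept only a dotted-quad IPv4 address so nothing else reaches the csf call.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Return codes: 0 blocked, 1 invalid input, 2 exempt, 3 already blocked,
# 4 csf call failed.
block_ip() {
    target=$1
    valid_ipv4 "$target" || { echo "rejected: not an IPv4 address" >&2; return 1; }
    # -x whole line, -F fixed string: 198.51.100.1 must not match 198.51.100.10
    if grep -qxF -- "$target" "$EXEMPT_LIST" 2>/dev/null; then
        echo "skipped: $target is exempt" >&2
        return 2
    fi
    if grep -qxF -- "$target" "$BLOCK_LIST" 2>/dev/null; then
        echo "skipped: $target is already blocked" >&2
        return 3
    fi
    # csf -d adds a deny entry; the text after the IP is stored as its comment.
    $CSF_CMD -d "$target" "brute force login attempts" || return 4
    echo "$target" >> "$BLOCK_LIST"
}
```

Putting your own management address in the exempt list before enabling automatic blocking keeps a mistyped password from locking you out of the server.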

#2 firescanner



  • Members
  • 1 posts

Posted 27 June 2014 - 01:42 PM



I think it is necessary to configure the "Notify Admins after an IP has" setting, otherwise I think not much will happen yet?



#3 John



  • Administrators
  • 73 posts

Posted 28 June 2014 - 04:09 AM

No, that's something else. This has to do with brute_force detection; the "Notify Admins after an IP has" is not related.
