Does configserver firewall block IP's for failed DA logins?

divinelighting

Verified User
Joined
Mar 17, 2008
Messages
108
CSF is adding IP's to deny list, but I'm getting notices from DA's brute force monitor about IP's that CSF is not apparently blocking.
 
Im not quite sure but i suppose no, CSF doenst check DA Attempt, that is a DA Stuff... also, DA check dovecot and CSF if i dont remember bad doesnt ;)

You should integrate BFM and CSF for a better work, search this forum, there is two script i did post for send BFM blocked IP to CSF deny IP

Regards
 
No, those are not right ones.

Use those:

/usr/local/directadmin/scripts/custom/block_ip.sh

Code:
#!/bin/sh

/etc/csf/csf.pl -d $ip BFM IP Block

exit 0;

and

/usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh
Code:
#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

Then chmod both file to 700 and chown to diradmin:diradmin

Regards
 
Thanks. To be super clear, this is what I did for chmod and chown (using diradmin instead of directadmin)
chmod 700 /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh
chmod 700 /usr/local/directadmin/scripts/custom/block_ip.sh
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/block_ip.sh
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh
 
I already had existing block_ip.sh and unblock_ip.sh. I removed them and followed the instructions. These were their contents:
#!/bin/sh

/etc/csf/csf.pl -d $ip BFM IP Block

exit 0;
 
Back
Top