BFM auto block doesn't want to work

nostech

Verified User
Joined
Jun 5, 2009
Messages
37
Hello,

I've been using the brute force monitor for some months now, and all is working find. Except for the fact that I'm unable to get the autoblocking to work, see step 4 of http://help.directadmin.com/item.php?id=380 I followed this steps verified the paths in the file were correct etc, but the server just won't do the auto blocking. I get noticed of an attack and then I have to block the IP manually, but it would be great to have it blocked automatically. I've been looking for solutions on the internet and different forums, but just couldn't find a solution for it. I hope someone here could help me to get this final step working after all. As said before block_ip.sh is working fine (I'm using it now). It should seems that DA/BFM is just not triggering the brute_force_notice_ip.sh file.

Content of the brute_force_notice_ip.sh file:

Code:
#!/bin/sh

#give your server a name for easy idenfication
SERVER=`hostname -s`

#where you want the email to be sent to
#[email protected]

#echo "IP $value has been blocked for making $count failed login attempts
#
#$data
#
#`dig -x $value`" | mail -s "$SERVER:  blocked $value for $count failed attempts" $EMAIL

SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

I have tried changing the user/group of the file to root or diradmin but none of this would do the trick neither.

Thanks in advance.
 
Last edited:
Back
Top