CSF + DirectAdmin

C

cwfie

Verified User
Joined
Aug 3, 2005
Messages
91
I set up DirectAdmin to add bfd ip's to the CSF ban (deny) list with help of these tutorials:

http://help.directadmin.com/item.php?id=404
https://www.plugins-da.net/info/how-to-block-ips-with#.URUIQTtIFHl
Click to expand...

This works almost perfectly.

There are two issues:

1) CSF only keeps 200 records, when a new record is added, the oldest record is removed.
The problem is that some of these OLD IP's start a new attack. As DirectAdmin has these IP's still listed as "Blocked IPs" (brute force monitor), these IP's won't be added again to CSF.

It's possible to higher the number in CSF of 200, but this is not a solution as it will slow things down.

Would it be a solution to erase the "Blocked IPs" daily? If so, where is it located?

2) The Skip list works, but it still sends out an messages (e-mails) for the users/ip's. Can I disable this somehow?

Thank you! :)
 
Hello,

Regarding the point #1. Why do you think it will slow down your server? If you aren't running an OpenVZ VPS you might be safe to double its value.

Nevertheless thank you for your report. Unless CSF can trigger a remote script on delisting the only one idea comes to my mind is to run a cron task to keep the both list synced.
 
Try these scripts:

Code: 
cd /usr/local/directadmin/scripts/custom/
wget -O block_ip.sh http://files.plugins-da.net/dl/csf_block_ip.sh.txt
wget -O unblock_ip.sh http://files.plugins-da.net/dl/csf_unblock_ip.sh.txt
chmod 700 block_ip.sh unblock_ip.sh

they solve issues with DENY_IP_LIMIT in CSF. If an old IP is removed when adding a new one by BFM, it also will be removed from Directadmin's list of banned IPs: /root/blocked_ips.txt

Old IPs will not be synced yet.

Regards,
Alex.
 
zEitEr said:
Try these scripts:

Code: 
cd /usr/local/directadmin/scripts/custom/
wget -O block_ip.sh http://files.plugins-da.net/dl/csf_block_ip.sh.txt
wget -O unblock_ip.sh http://files.plugins-da.net/dl/csf_unblock_ip.sh.txt
chmod 700 block_ip.sh unblock_ip.sh

they solve issues with DENY_IP_LIMIT in CSF. If an old IP is removed when adding a new one by BFM, it also will be removed from Directadmin's list of banned IPs: /root/blocked_ips.txt

Old IPs will not be synced yet.

Regards,
Alex.
Click to expand...

Hi Alex,

Thanks so much for your help! I've executed the commands above. :cool:

I also found the blocked_ips.txt file on my root folder. Can I safely empty this file (as these records are not all correct anymore)?

Thanks,
Steven
 
You must log in or register to reply here.
Back
Top