CSF Firewall with Login Failure Detection + Brute Force Monitor

Status
Not open for further replies.
PS: I also had to change my ftpd log directive in csf to point to /var/log/messages instead of secure because I have pureftpd. Any way csf can autodetect that in the future?
 
On new installations of CSF it should default to /var/log/messages on DirectAdmin servers.
 
What about this though?

------

Hello. It doesnt seem that csf/lfd is blocking the IP's that DA detects for me. I have it enabled in DA and CSF however when I check the IP's are never blocked.

See below conf
#[*]Enable login failure detection of DirectAdmin connections
# This option also detects login failures on DA for Roundcube, SquirrelMail and
# phpMyAdmin if installed and logging enabled via CustomBuild v2+
#
# If you do not want to scan for one or more of DIRECTADMIN_LOG_*, simply set
# the respective option to ""
LF_DIRECTADMIN = "5"
LF_DIRECTADMIN_PERM = "1"

Also note:
/usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh

Doesnt exist. Should it?
 
Yes.

Make sure you follow the instructions exactly. Its super simple though and they only work if your using CSF!
 
I know, I have them running for years and even made some adjustments zo they make temporary blocks automatically.

I just wanted to know if you did not used another solution which might be interesting. ;)
 
Hi Guys, I just noticed that CSF doesn't block brute-force on phpmyadmin. I searched and found this topic. Can you tell me if this is still the procedure to get this working? Or is there another / better way?
 
Status
Not open for further replies.
Back
Top