Hi all,
I have a new install on Debian 11 (one week old) and I have a question about the brute force monitor.
In the past you had some custom scripts, but these days DA can call CSF directly when it's installed. My only question is when the BFM is blocking an IP?
I have an IP in the 'Failed Logins: IP list' where it says 78 login failures, but 'Blocked' says no. But where is defined how many failures an IP can have before it is blocked? When looking under 'Administrator settings' -> 'Security settings' I only see 'Blacklist IPs for excessive DA login attempts' (which is checked) and the default value of 20 is entered...
'Parse service logs for brute force attacks' is also checked...
Or is there currently no GUI option for this and do I need to enter some new directadmin.conf setting on the CLI?
I have a new install on Debian 11 (one week old) and I have a question about the brute force monitor.
In the past you had some custom scripts, but these days DA can call CSF directly when it's installed. My only question is when the BFM is blocking an IP?
I have an IP in the 'Failed Logins: IP list' where it says 78 login failures, but 'Blocked' says no. But where is defined how many failures an IP can have before it is blocked? When looking under 'Administrator settings' -> 'Security settings' I only see 'Blacklist IPs for excessive DA login attempts' (which is checked) and the default value of 20 is entered...
'Parse service logs for brute force attacks' is also checked...
Or is there currently no GUI option for this and do I need to enter some new directadmin.conf setting on the CLI?