Blacklist IP vs wrong log in to wordpress

I

inomi13

Verified User
Joined
Jan 7, 2022
Messages
162
In DA I have set block address IP after 10 wrong log in or 50 not autorisation connect but I can't understand how it's works. Someone can me explain?

Above procedure and adress IP will be block when user 10 times wrong log to DA, wordpress and roundcube. All services on my server?
 
Thanks for your help but I have two questions.

1. How can I customize the page when a user wants to connect to my server but his IP address is blocked? I found /usr/local/directadmin/data/templates/custom/blacklisted_ip.html but it only works for ip address which is ip_blacklist but it doesn't work for brute_tp.data

2. Can I set roles that will give the user permission for a site the user can contact me from? because now when adress IP of user is blocked He doesn't open my page and contact to me because He dosen't have perrmition.
 
inomi13 said:
How can I customize the page when a user wants to connect to my server but his IP address is blocked?
Click to expand...

There is no page shown to users from banned IPs, they will get a timeout or connection denied error. But you might enable a similar one. CSF/LFD support a page for unbanning only, you might find these instructions https://help.poralix.com/articles/csf-lfd-messenger-v3-with-directadmin-and-apache

inomi13 said:
Can I set roles that will give the user permission for a site the user can contact me from?
Click to expand...

Use CloudFlare for proxying requests to your company website and they will be able to connect to your site, even if their IP is blocked on your server. It will help only with a site, other protocols might still remain blocked: FTP, SMTP, POP, Directadmin.
 
There is no page shown to users from banned IPs, they will get a timeout or connection denied error. But you might enable a similar one. CSF/LFD support a page for unbanning only, you might find these instructions https://help.poralix.com/articles/csf-lfd-messenger-v3-with-directadmin-and-apache
Click to expand...
I changed in /etc/csf/csf.conf then I restart csf (csf -r) but it doesn't work :(

MESSENGER = "1"
MESSENGER_USER = "webapps"
MESSENGER_HTTPS_CONF = "/usr/local/directadmin/data/users/*/httpd.conf"
MESSENGER_HTTPS_IN = "443,2222"
MESSENGERV3 = "1"
MESSENGERV3GROUP = "access"

Use CloudFlare for proxying requests to your company website and they will be able to connect to your site, even if their IP is blocked on your server. It will help only with a site, other protocols might still remain blocked: FTP, SMTP, POP, Directadmin.
Click to expand...
Thanks for your suggest. It's what I look for :)
 
inomi13 said:
but it doesn't work :(
Click to expand...

Should you need any assistance on the forums, please forget the phrase. It does not bring any sense and help at all. It will be more helpful if you provide steps which you tested and results which you got (screenshots, text of errors). I might assume, you've restarted CSF and expected to see an unban page? But how did you try it? Did you try it from a banned IP? Or what? Or CSF did no restart? Too many questions and too many things stay behind "do not work" phrase. Please save your and my time.

If you need to increase understanding on how messenger work, then you might read official /etc/csf/readme.txt and other linked sources.
 
You right my responde was not enought. So what I did..

I changed /etc/csf/csf.conf as abouve then I restart csf. In directadmin I added adres IP computer in another network to check how messanger will be show on the browser this computer.
 
If you want to test how the page looks like you should block an ip:

Code: 
csf -d IP

It's not clear on where exactly you added an IP in DirectAdmin. There are too many places for it in the interface.
 
If you want to test how the page looks like you should block an ip:

csf -d IP
Click to expand...

deny failed: xxx.xxx.xxx.xx is in already in the deny file /etc/csf/csf.deny 1 times
 
Try and remove it from a list and then re-add it again. I can not say for sure Messenger will correctly pick-up already banned IPs. It should be tested.
 
I have in my server CSF, imunify360 and ModSecurity. License imunify360 is expired so I deactived plugin in DA. Now I see webshield when adres IP is ban. When I click recaptch Adress IP is unblock.

captcha.jpg


/var/log/lfd.log so I had to installed yum install perl-IO-Socket-INET6 perl-LWP-UserAgent -y and now it's work.

scree.jpg


Now I can't unblock the IP using recaptch and I don't know where look for the problem ? In /home/csf/public_html/index.php file_put_contents doesn't work and unblock.txt and lfd_messenger.log don't create.



In httpd error_log.log I found information

PHP Warning: file_put_contents(/home/csf/unblock.txt): failed to open stream: Permission denied in /home/csf/public_html/index.php on line 252PHP message: PHP Warning: file_put_contents(/var/log/lfd_messenger.log): failed to open stream: Permission denied in /home/csf/public_html/index.php on line 253', referer: https://xxxxxxxxx.pl



I found solution of my problem. I had to change group to directory

chown csf:access /home/csf
 
Last edited:
Hello inomi13

I also have the same problem, the website to unblock it is show but doesn't work. I already have the folder /home/csf setup to chown csf:csf as username and group is the same.

drwx--x--x 3 csf csf 4096 Jun 6 10:01 csf

Did you change anything else to have it working?

Thank you.
 
@aitorserra
your issues are about permission issued. it need to generate fpm pool for "csf" user.

more information

Solved - [Messenger Service with DirectAdmin] Docs missinformation for PHP-FPM

Anyone using docs from https://docs.directadmin.com/operation-system-level/securing/csf.html#messenger-service-with-directadmin becarefully, it not state any information about PHP-MODE, as php-fpm doesn't work with this docs. It will trigger error "Permission denied", Anyone using PHP-FPM...
forum.directadmin.com forum.directadmin.com
 
You must log in or register to reply here.
Back
Top