Brute Force Monitor: Better filtering by country code

W

warg

Verified User
Joined
Nov 30, 2020
Messages
165
Hello,

I would like to filter the different tabs (or at least some of them) of the Brute Force Monitor by country code, not just IP address or username. Right now, I check the block list by hand with my browser's search function. Is there a way to achieve this easily in DirectAdmin?

Background: I would like to send abuse emails to ISPs of one or more specific countries.

If this is nothing that I can look up easily in DirectAdmin or won't be improved in future, I will have to write a script which will analyse the security-related logs for me.

Thank you for your help guys!

Best Regards,
 
warg said:
I would like to filter the different tabs (or at least some of them) of the Brute Force Monitor by country code
Click to expand...
You would need make this a feedback request.

You can use AbuseIPDB in CSF now

AbuseIPDB and CSF/Others

All: Just in case you did not know. AbuseIPDB allows auto reporting of the "bad guys" with CSF and Others. You just need a free account. AbuseIPDB provides a free API for reporting and checking IP addresses. Every day webmasters, system administrators, and other IT professionals use our API to...
forum.directadmin.com forum.directadmin.com
 
Still, I liked the link you have provided and it's a good start. I like projects like that! Maybe I can extend the tables/pages of this easily in DirectAdmin. I would have to check this.

For some interesting reason I see attacks from hosts in countries with a good reputation/strong laws and where the abuse team is not free of any pain regarding abuse emails they receive. In at least two cases it's coming from networks of hosts where I have business relations with. So I want to investigate this more - to have maybe some more serious talk regarding their abuse team and network monitoring because this is not the first time I see it . . . We will see.
 
Oh wow, that's why I love DirectAdmin: Things can be so easy. I will check that!

(It would be great if the docs had some table of content on the beginning of a page to see the subchapters. Then I wouldn't have missed this subchapter)
 
I just tried to add another field and did a rewrite_confs, restarted Directadmin and cleared the cache of my browser. It looks like neither editing the original file nor adding a custom file changes the columns. Could it be that this is only to override existing fields/columns but not adding new ones?
 
Does someone know if there is a way like suggested here (am I doing it wrong or is this scenario not supported by BFM customizing?)
 
Block country code, Currently I use "maxmind IP Geo", It better than other choice in csf config, Because Low Resource Usage.

csf config have some options to get IP information with curl or with Maxmind.
Block too many country don't harm any resource when compare with other choice.

CC_SRC
CC_DENY

just add to csf firewall config, Don't need to custom BFM.
 
jamgames2 said:
Block country code, Currently I use "maxmind IP Geo", It better than other choice in csf config, Because Low Resource Usage.

csf config have some options to get IP information with curl or with Maxmind.
Block too many country don't harm any resource when compare with other choice.

CC_SRC
CC_DENY

just add to csf firewall config, Don't need to custom BFM.
Click to expand...

His question is more :
warg said:
Background: I would like to send abuse emails to ISPs of one or more specific countries.
Click to expand...
 
You must log in or register to reply here.
Back
Top