CSF Firewall with Login Failure Detection + Brute Force Monitor

[Sheldon]

PS: I also had to change my ftpd log directive in csf to point to /var/log/messages instead of secure because I have pureftpd. Any way csf can autodetect that in the future?

 

[smtalk]

On new installations of CSF it should default to /var/log/messages on DirectAdmin servers.

 

[Sheldon]

What about this though?

------

Hello. It doesnt seem that csf/lfd is blocking the IP's that DA detects for me. I have it enabled in DA and CSF however when I check the IP's are never blocked.

See below conf
#[*]Enable login failure detection of DirectAdmin connections
# This option also detects login failures on DA for Roundcube, SquirrelMail and
# phpMyAdmin if installed and logging enabled via CustomBuild v2+
#
# If you do not want to scan for one or more of DIRECTADMIN_LOG_*, simply set
# the respective option to ""
LF_DIRECTADMIN = "5"
LF_DIRECTADMIN_PERM = "1"

Also note:
/usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh

Doesnt exist. Should it?

 

[Sheldon]

I used the scripts provided and it works. Moderator please sticky this post.

 

[Richard G]

Which scripts provided. Do you mean scripst like brute_force_notice-ip.sh?

 

[Sheldon]

Yes.

Make sure you follow the instructions exactly. Its super simple though and they only work if your using CSF!

 

[Richard G]

I know, I have them running for years and even made some adjustments zo they make temporary blocks automatically.

I just wanted to know if you did not used another solution which might be interesting.

 

[anton1982]

Hi Guys, I just noticed that CSF doesn't block brute-force on phpmyadmin. I searched and found this topic. Can you tell me if this is still the procedure to get this working? Or is there another / better way?

 

[zEitEr]

I believe you've got the same question here: https://forum.directadmin.com/showthread.php?t=56981 and it was already replied.

p.s. please avoid double-posting