DA ip-restriction

[Suurbiers]

Hi all,

i need to know where i can find the index.php of DirectAdmin where you could log in, i want to edit it and make it ip restricted with some php lines.

I am using a firewall that is configurated by someone else so i dont know how to fix it into my firewall its not something like APF or KISS.

Much thanks!
Suurbiers.

 

[DirectAdmin Support]

Hello,

Do you mean the login page where you enter you user/pass.. or do you mean the first page you see after you login?

The login page itself is internal (no file by default).. and neither pages are written in php.

The best way to do IP filtering is to make your brute force failed login checker set to a really low value so if anyone makes a few wrong inputs, they get blacklisted.

eg:

Admin Level -> Admin Settings -> Blacklist IPs for excessive login attempts after 5 attempts.

I don't recommend much lower than 5 because even just loading the login page counts as 1 failed login without even trying.

OR ... set the limit to 1 failed password .. so anoyone accessing the login page is blacklisted instantly (you can try 0, but I can't recall what we set it to do, off the top of my head)
Then add your own IP to the whitelist (create it):
/usr/local/directadmin/data/admin/ip_whitelist

John