Detecting and preventing brute force login attacks on ports other than 2222

[zakazak]

Hi there,

according to this article the feature will only work on port 2222:

https://help.directadmin.com/item.php?id=404

Is this still correct or "old news"?
Are there any other features that might brake when changing the standard port?

Thanks!

 

[Richard G]

That depends. If you installed directadmin newly with the auto feature, then csf/lfd is installed with a brute force manager which also checks other things next to port 2222.

As for your second question, if other features might break when you change the standard directadmin port.... not that I know of.

 

[zakazak]

Thank you for the quick reply.

Is there any way to manually check if my directadmin installation is correctly checking the current custom port?

 

[factor]

Hi there,

according to this article the feature will only work on port 2222:

https://help.directadmin.com/item.php?id=404

Is this still correct or "old news"?
Are there any other features that might brake when changing the standard port?

Thanks!

Here is the current documentation

Securing with Brute Force Monitor | Directadmin Docs

 

[zakazak]

Here is the current documentation

Securing with Brute Force Monitor | Directadmin Docs

Thanks, something I noticed:

include_directadmin_port_in_brute_firewall=0
Option to include 2222 failed attempt in BFM blocks (CSF).

Should the value "1" enable this feature and "0" disable it?

Not all of the listed options can be found in either:
Server Manager -> Administrator Settings -> Security settings
ConfigServer Security & Firewall -> Firewall configuration
/usr/local/directadmin/conf/directadmin.conf

So I just added them manually to the directadmin.conf.

Where can I set the e-mail to which "blocked notifications" get sent to out-of-the-box? is it the mail adress of the admin account?

 

[factor]

Should the value "1" enable this feature and "0" disable it?

correct 1 is enable 0 is disable

So I just added them manually to the directadmin.conf

Feel free to check out the list of values here

All directadmin.conf values | Directadmin Docs

Correct you use the

What are directadmin.conf values and how to change them​

The format of this document will be the name and default value.

If the value does not exist in the directadmin.conf, it will be the default internal value within DirectAdmin.

Adding a value to the directadmin.conf would override the internal default.

How to change the directadmin.conf value​

Use the following steps:

/usr/local/directadmin/directadmin set variable value
service directadmin restart

Make sure you do

service directadmin restart

Where can I set the e-mail to which "blocked notifications" get sent to out-of-the-box? is it the mail adress of the admin account?

Yes its the one in Account info "User Data">email tab.

 

[zakazak]

Thank you @bdacus01

I added my custom DA and SSH port to various options in csf.conf as well. E.g.:
TCP_IN
TCP_OUT
PORTS_directadmin
PORTS_sshd

Maybe changes like this can be automated in the feature in case someone decides to change his SSH or DA port?

From the documentation seems to me like DA has a way to block failed logins on the DA Port but CSF/LFD has this option as well.