DirectAdmin 1.695

Ohm J said:
I just update some setting in today to match with my custom "block_ip.sh".
Click to expand...
I'm confused now, does this affect the block_ip.sh file? I'm also using that, can I keep the seconds setting or do I need to change that value so it will be minutes after the newest update? Always has been seconds until now (as should be).
So these things should not suddenly be changed for no reason, better to change the GUI than the system.
 
@Richard G
Your script might not same with my script, because I revoke into temp block and use some of these value from directadmin.

So, my script could become "temporary block for 90days" 😅

So nevermind, I'm not use this value anymore and switch to "clear_brute_log_time" and set "unblock_brute_ip_time" to 0 for prevent any missleading in the future.

Since I'm using temporary block, so I don't need the DA task to clear the "csf.deny".



..... And I just found something problem today, "clear_brute_log_time" must matching with temp block timing. Otherwise DA won't notify to "ip_block.sh" anymore on the re-abused IPs until that's old notify past the "clear_brute_log_time" timing.
 
Maybe mine is not affected, still not sure.
My block_ip.sh is called by the brute_force_notice_ip.sh script.
Contents of this script is:
Code: 
#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

And the block_ip.sh is
Code: 
#!/bin/sh
/etc/csf/csf.pl -td $ip 14400 BFM IP Block
exit 0;

Normally this gives a temp block of 4 hours by CSF. This should never become 14400 minutes. :)

Scripts were created by @zEitEr in te past, they are on his github.
 
Richard G said:
Scripts were created by @zEitEr in te past, they are on his github.
Click to expand...

Probably in the old days the scripts were that simple. Now they have evolved into bigger ones.

github.com

GitHub - poralix/directadmin-bfm-csf: A set of scripts to let Brute Force Monitor in DirectAdmin to block IPs using CSF/LFD. If you need custom installation or support please feel free to request it here or on our site

A set of scripts to let Brute Force Monitor in DirectAdmin to block IPs using CSF/LFD. If you need custom installation or support please feel free to request it here or on our site - poralix/direct...
github.com github.com

The scripts do not operate with clear_blacklist_ip_time variable, that is shown as "Blacklist removal timeout" in the section "Brute Force Monitor", which allows modifying settings for protecting the DirectAdmin web interface only.

The scripts use unblock_brute_ip_time which is represented under the same name "Blacklist removal timeout", but in the section "Brute force log scanner". This exact section goes for a protection of other services against brute-force attacks.

And according to the code in the script block_ip.sh written years ago, the unblock_brute_ip_time represented time in minutes:

Bash: 
    TTL=$(/usr/local/directadmin/directadmin c | grep -m1 "unblock_brute_ip_time=" | cut -d= -f2);

    if [ "${TTL}" == "0" ];
    then
        TTL="1825d";       # If TTL=0 then IP should be blocked forever
                           # here we set TTL to 5 years = 365d * 5
    else
        TTL=$((TTL*3*60)); # It is Directadmin which unblocks IP, so we need to have enough long TTL
                           # so that Directadmin have a chance to unblock it
                           # Additionaly convert minutes to seconds *60
    fi;

- https://github.com/poralix/directadmin-bfm-csf/blob/master/block_ip.sh

So nothing changed in this part I believe.
 
You must log in or register to reply here.
Back
Top