jim.thornton
I'm using APF firewall. I had DA set up a few years ago and really neglected it. I didn't keep it up to date or maintain it for security very well. The server was never compromised on the DA/Admin level but I believe that one of the user accounts has been compromised and it has been sending out a ton of emails as a result.
I have now re-installed the whole server and locked it down with the assistance of my VPS provider.
I have APF Firewall and BFD installed. BFD works well monitoring the ssh/ftp/exim2/etc ports and automatically adds IPs to the APF blacklist when there has been X number of attempts within 1 minute. The problem is that I'm still getting emails from DA saying that there have been 400+ (or whatever) login attempts on different services and the IPs weren't added to the blacklist. They should have been added after X number within 1 minute.
I would like to add this same functionality to DirectAdmin. I have read that there are hooks with the brute force monitor within DA. My new server has been installed for approximately 30 days and I have 209 emails from the server indicating brute force attack attempts. WOW! They started within 1 hour of installing the new server.
Can someone please help me get this going?
Could someone help me get this up and running? I saw the Knowledgebase article talking about block_ip.sh but it seems that it adds a button to DA that the admin has to manually block the IP. On top of which, I would like to use APF to block the IPs as opposed to whatever firewall is used in the DA Knowledgebase article.