To make Directadmin's BFM compatible with CSF you should do the following:
Code:
cd /usr/local/directadmin/scripts/custom/
cp block_ip.sh block_ip.sh.bak
cp unblock_ip.sh unblock_ip.sh.bak
It's OK if you have no block_ip.sh and unblock_ip.sh, and the previous step might fail with a warning:
cp: cannot stat `block_ip.sh': No such file or directory
cp: cannot stat `unblock_ip.sh': No such file or directory
Now fetch the files:
Code:
cd /usr/local/directadmin/scripts/custom/
wget -O block_ip.sh http://files.plugins-da.net/dl/csf_block_ip.sh.txt
wget -O unblock_ip.sh http://files.plugins-da.net/dl/csf_unblock_ip.sh.txt
wget -O show_blocked_ips.sh http://files.plugins-da.net/dl/csf_show_blocked_ips.sh.txt
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh
Create the empty block list and exempt list files:
Code:
touch /root/blocked_ips.txt
touch /root/exempt_ips.txt
This last step is optional and should only be used after you've tested the above setup for a while to get comfortable that you're not going to block yourself. The block_ip.sh is only used for an active "click" by the Admin, it does not automate blocking. To automate blocking, install the following script:
Code:
cd /usr/local/directadmin/scripts/custom
wget -O brute_force_notice_ip.sh http://files.directadmin.com/services/all/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh
Now you've got Directadmin which will automatically block IPs of attackers with CSF.
Disable iptables:
That was reported that raw iptables in some cases might overwrite existing rules loaded by CSF/LFD. To avoid it we'd recommend to disable
iptables and
ip6tables from being loaded at boot time:
CentOS 5, 6:
Code:
chkconfig iptables off
chkconfig ip6tables off
Code:
mv /etc/init.d/iptables /etc/init.d/iptables~moved
echo -e '#!/bin/bash\nexit 0;' > /etc/init.d/iptables
chmod 755 /etc/init.d/iptables
Now you've got Directadmin which will automatically block IPs of attackers with CSF.
Permanent link on this How-To