grep '126.96.36.199' /var/log/lfd.log
From CSF/LFD, either in DirectAdmin or in a server console. Read the official guides and CSF/LFD usage for more details.
Thanks, how can I enable it?
The guide you are referring to suggests disabling LF_DIRECTADMIN in CSF/LFD. There is also an auto-installer which disables the check LF_DIRECTADMIN as well.
If you have the check LF_DIRECTADMIN enabled, then you should unblock the IP directly from CSF/LFD. CSF/LFD comes with a visual plugin whenever it's installed on a DirectAdmin server.
Blacklist IPs for excessive DA login attempts = 3
A brute force attack has been detected in one of your service logs. IP 188.8.131.52 has 97 failed login attempts: exim2=97 IP 184.108.40.206 has 22 failed login attempts: wordpress2=22 Check 'Admin Level -> Brute Force Monitor' for more information http://help.directadmin.com/item.php?id=404
Thanks a lot for your reply.
See https://help.directadmin.com/item.php?id=404
The option Blacklist IPs for excessive DA login attempts = 3 is responsible only for blocking attacks on DirectAdmin port 2222.
Brute-force attacks on other services, according to the image, should be blocked after 5 attempts.
First make sure CSF/LFD is running, and then try to manually block an IP from DirectAdmin brute force manager page and see results.
[root@server ~]# csf -e
csf and lfd are not disabled!
A brute force attack has been detected in one of your service logs. IP 220.127.116.11 has 15 failed login attempts: wordpress2=15 Check 'Admin Level -> Brute Force Monitor' for more information http://help.directadmin.com/item.php?id=404
Adding 18.104.22.168 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 22.214.171.124 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 126.96.36.199
cat blocked_ips.txt | grep "188.8.131.52"
184.108.40.206=dateblocked=1574607782
220.127.116.11=dateblocked=1574649002
18.104.22.168=dateblocked=1574680081
Thanks a lot for your reply, dear Alex.
DirectAdmin finds attacking IPs and tells CSF/LFD to block them. Meanwhile, DirectAdmin manages its own list of blocked IPs, i.e. "blocked_ip.txt", and it is used for metadata only.
If you changed the port for DirectAdmin, it's OK; the option Blacklist IPs for excessive DA login attempts = 3 will still work. What I wanted to say is that the option works only for login attempts to the DirectAdmin panel, whatever port it's running on.
As for Akismet, refer to CSF/LFD documentation.
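
The thread distinguishes DirectAdmin's own blocked-IP list (metadata only) from csf.deny (where the block is actually enforced). The following is an added example, not part of any post above and not DirectAdmin or CSF code: it lists addresses DirectAdmin recorded as blocked that have no matching csf.deny entry. The helper name `missing_from_csf`, the sample addresses and timestamps, and the one-entry-per-line layout of the DirectAdmin list are assumptions.

```shell
#!/bin/sh
# Added example, not DirectAdmin or CSF code. missing_from_csf is a hypothetical helper.
# Assumptions: the DirectAdmin list holds one IP=dateblocked=EPOCH entry per line
# (the format shown in the thread); csf.deny has the address as its first
# whitespace-delimited field and '#' starts a comment. CIDR ranges and
# advanced csf.deny filters are not expanded, only exact addresses are matched.

# Print "IP EPOCH" for every DirectAdmin-recorded block with no csf.deny entry.
missing_from_csf() {
    blocked_file=$1
    deny_file=$2
    # "|| [ -n "$ip" ]" keeps a final line that lacks a trailing newline.
    while IFS='=' read -r ip key epoch || [ -n "$ip" ]; do
        [ "$key" = "dateblocked" ] || continue
        if ! awk -v ip="$ip" '$1 == ip { found = 1 } END { exit !found }' "$deny_file"; then
            printf '%s %s\n' "$ip" "$epoch"
        fi
    done < "$blocked_file"
}

# Constructed sample data (documentation addresses, made-up timestamps).
demo_dir=$(mktemp -d)
cat > "$demo_dir/blocked_ips.txt" <<'EOF'
192.0.2.10=dateblocked=1700000000
198.51.100.7=dateblocked=1700003600
203.0.113.25=dateblocked=1700007200
EOF
cat > "$demo_dir/csf.deny" <<'EOF'
# constructed csf.deny excerpt
192.0.2.10 # blocked by brute force monitor
203.0.113.25 # blocked by brute force monitor
EOF

missing_from_csf "$demo_dir/blocked_ips.txt" "$demo_dir/csf.deny"
rm -rf "$demo_dir"
```

An address printed by this check is one DirectAdmin recorded as blocked but that currently has no exact-match csf.deny entry, which is the situation to look into when the Brute Force Monitor keeps reporting an IP that was supposedly blocked.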