How to block IPs with Brute Force Monitor in DirectAdmin using CSF

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,793
Location
A Coruña, Spain
As per the error message, you need to disable firewalld; you can't have two firewalls running at the same time.
Code:
systemctl stop firewalld 
systemctl disable firewalld
Once you do this, CSF will be able to start.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
So I tried to install CSF manually via this tut but the problem is still there.
Andrea already gave instructions on how to deal further. My concern is about the method which you used to get CSF/LFD installed. Usually CSF/LFD disables all alternative firewall managers during its installation. I don't recall any case when "firewalld" failed to get disabled. Whenever using a guide or a script from Poralix for installing CSF/LFD, all necessary ports should get opened.

So I guess either something went wrong or you already had CSF/LFD pre-installed, and hence its configs have not been modified during the last attempt to get it installed.
 

ericc

Verified User
Joined
Jan 2, 2018
Messages
28
Location
EU
@zEitEr could you explain why this is done in BFM (the "Remove an IP from the BF blacklist after" option, expressed in minutes, is multiplied by 3):

Code:
TTL=$((TTL*3*60));
# It is DirectAdmin which unblocks the IP, so we need to have a long enough TTL
# so that DirectAdmin has a chance to unblock it
# Additionally convert minutes to seconds *60
And what is the minimal time in minutes, so DA would have a 100% chance to unblock it? :)
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
@zEitEr could you explain why this is done in BFM (the "Remove an IP from the BF blacklist after" option, expressed in minutes, is multiplied by 3):
I guess you quoted the text which already explains why this is done in the script, or not? CSF/LFD has its own functionality to clean IPs from the temporary ban-list, and here we want it not to remove an IP before DirectAdmin does it.

And what is the minimal time in minutes, so DA would have a 100% chance to unblock it? :)
The TTL in the script is a changeable value taken from DirectAdmin. You can set it as low as you need, and since DirectAdmin saves the TTL in minutes, the minimal value is 1 minute. Use 1 minute on your own if it makes any sense for you.
 

ericc

Verified User
Joined
Jan 2, 2018
Messages
28
Location
EU
I guess you quoted the text which already explains why this is done in the script, or not? CSF/LFD has its own functionality to clean IPs from the temporary ban-list, and here we want it not to remove an IP before DirectAdmin does it.
Aha. I saw values in CSF which were 3x longer, that's why I wrote this post. It turns out I can completely ignore them and rely on DA to do its job right on time - the time I input in "Remove an IP from the BF blacklist after". Thanks then.
 

qba82

Verified User
Joined
Jun 26, 2018
Messages
49
Hi, how can I remove an IP from being blocked? I removed it from blocked_ips.txt and ran csf -r but it is still blocked.
I also tried adding it to exempt_ips.txt and csf -r, still the same. Should I restart something else?
 

qba82

Verified User
Joined
Jun 26, 2018
Messages
49
Hi, how can I remove an IP from being blocked? I removed it from blocked_ips.txt and ran csf -r but it is still blocked.
I also tried adding it to exempt_ips.txt and csf -r, still the same. Should I restart something else?
This is solved. After I removed the IP from blocked_ips.txt, it needs 1 or 2 minutes to unblock that IP.

But there is one more thing.

I noticed that blocked_ips.txt can contain the same IP more than 1 time. For example, I have around 14k lines now, but when I took all IPs and removed duplicates, there were only around 3k of them. Will this not slow down the system?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
If you don't want to have duplicates, you should not use the CSF/LFD interface or CLI to unblock IPs blocked by DirectAdmin BFM, and should not modify the files either. If CSF/LFD is coupled with DirectAdmin, then you should use only the DirectAdmin WebUI to manage banned IPs, and do all the actions only on the BruteForce Monitor page.
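
A read-only way to measure the duplication discussed above, as an added example that is not part of the thread or of the DirectAdmin/Poralix scripts. It assumes one entry per line with the IP first, optionally followed by `=`-separated fields; the function names, the file argument and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a BFM block list. Nothing is modified.
# Assumption: one entry per line, IP first, optionally followed by
# "=key=value" fields, e.g. "192.0.2.10=dateblocked=1700000000".

# audit_blocklist FILE -> "total=N unique=M duplicates=D"
audit_blocklist() {
    awk -F'=' '
        /^[ \t]*$/ { next }                      # skip blank lines
        { ip = $1; gsub(/[ \t\r]/, "", ip)       # IP is the first field
          total++; if (!(ip in seen)) unique++; seen[ip]++ }
        END { printf "total=%d unique=%d duplicates=%d\n",
                     total, unique, total - unique }
    ' "$1"
}

# top_repeats FILE N -> the N most repeated IPs, one "count ip" per line
top_repeats() {
    awk -F'=' '
        /^[ \t]*$/ { next }
        { ip = $1; gsub(/[ \t\r]/, "", ip); seen[ip]++ }
        END { for (ip in seen) if (seen[ip] > 1) print seen[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2 | head -n "$2"
}

# csf_ttl_seconds MINUTES -> seconds, mirroring the TTL=$((TTL*3*60)) line
# quoted earlier in the thread (explains the 3x longer values seen in CSF)
csf_ttl_seconds() { echo $(( $1 * 3 * 60 )); }

# Demo on constructed sample data (documentation-range IPs).
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.0.2.10=dateblocked=1700000000
198.51.100.7=dateblocked=1700000100
192.0.2.10=dateblocked=1700000200
192.0.2.10=dateblocked=1700000300
198.51.100.7=dateblocked=1700000400
203.0.113.5=dateblocked=1700000500
EOF
audit_blocklist "$sample"
top_repeats "$sample" 5
echo "BFM 10 min -> CSF TTL $(csf_ttl_seconds 10) s"
rm -f "$sample"
```

Pass the path of the real block list as the first argument; the functions only read the file, so they do not interfere with BFM's own management of it.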
 

qba82

Verified User
Joined
Jun 26, 2018
Messages
49
That would be fine, but the BruteForce Monitor page takes like 2-3 minutes to load, and every action takes so much time too.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
You might need to reduce values for:

Reset count of IP/User failed attempts [___] hours after last attempt.
Clear failed login attempts from log [___] days after entry was made.

As soon as you get BFM working, the number of entries will decrease and speed will increase.
 