4) This last step is optional and should only be used after you've tested the above setup for a while to get comfortable that you're not going to block yourself. The block_ip.sh is only used for an active "click" by the Admin, it does not automate blocking. To automate blocking, create:
/usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh
Notifications will be sent to all Admins on the system after an IP makes x number of attempts on any account:
ip_brutecount=20
or a user account received x number of attempts from any IP:
user_brutecount=20
*** Note that it opens ssh on port 22, so make sure you either change it manually, or have physical access to your server if you're running ssh on some other port.