Turn off Brute Force notify, but leave block_ip enabled

shadowq

Hello,

I would like to be able to disable the brute force notify (so DA stops adding tickets such as "Brute-Force Attack detected in service log from IP(s) xxx..."), but continue with automatically blocking IPs. I tried setting "Notify Admins after an IP has" to 0, and leaving "Parse service logs for brute force attacks" set to "Yes", but it disables it completely. Obviously I could just filter the emails, but I was wondering if this was possible?

Thanks,
Jarrod.
 
Hello Jarrod,

Please check this feature: http://www.directadmin.com/features.php?id=1332

As brute force attacks are fairly common, and the tools to prevent those attacks are fairly reliable, some admins do not wish to be told about every case of attacks.

Since the trigger of the brute_force_notice_ip.sh only happens with notices, I've added an option to prevent the sending of the notices, but still call the scripts normally to block the IP.

The directadmin.conf option will be:
hide_brute_force_notifications=0

which is the internal default (option disabled, notifications shown)

If you wish to prevent notices from being sent out, but still have the IPs blocked, then set this in your directadmin.conf:
hide_brute_force_notifications=1

p.s. Right you were, I've cleared the thread, as I was wrong in previous posts here.
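The configuration change described in the reply above, as an added example that is not part of the original thread and is not DirectAdmin's own code. The function names `da_get` and `da_set` are hypothetical, and the default `CONF` path is an assumption (the usual install location); the key name and its internal default of 0 come from the reply.

```shell
#!/bin/sh
# Added example: read and set hide_brute_force_notifications in a
# directadmin.conf-style key=value file without creating duplicate lines.
# Assumption: the file lives at the usual DirectAdmin location.
CONF="${CONF:-/usr/local/directadmin/conf/directadmin.conf}"

# da_get FILE KEY DEFAULT
# Print the value of KEY in FILE, or DEFAULT when the key is absent
# (for this option the internal default is 0: notifications shown).
da_get() {
    val=$(grep -E "^$2=" "$1" 2>/dev/null | tail -n 1 | cut -d= -f2-)
    printf '%s\n' "${val:-$3}"
}

# da_set FILE KEY VALUE
# Rewrite an existing KEY= line in place, or append one when it is missing.
da_set() {
    file=$1
    key=$2
    value=$3
    tmp=$(mktemp) || return 1
    if grep -qE "^$key=" "$file"; then
        sed "s|^$key=.*|$key=$value|" "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        # Add a newline first if the file does not end with one, so the
        # new option is not glued onto the previous line.
        if [ -n "$(tail -c 1 "$file")" ]; then
            echo >> "$tmp"
        fi
        printf '%s=%s\n' "$key" "$value" >> "$tmp"
    fi
    # Write back through the original file so its owner and mode are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage (run as a user allowed to edit the file):
#   da_set "$CONF" hide_brute_force_notifications 1
#   da_get "$CONF" hide_brute_force_notifications 0
```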
 
Oh thank you Alex! That sounds like exactly what I'm after! I've added the required line to directadmin.conf. Will post back if everything works as expected.

One more question, if you don't mind: do you know if there is a list of all scripts that can be called, when they are called, and what values are passed to them / expected to be returned by them? It would be great for knowing the possibilities of customisation!

Thanks again!
Jarrod.
 
Hello,

hide_brute_force_notifications is working perfectly!

As for the list, thank you for the links, they'll be helpful.

Cheers,
Jarrod.
 