Why does block_ip.sh work but brute_force_notice_ip.sh does not?

donkeyKICK

donkeyKICK

Verified User
Joined
Jul 24, 2007
Messages
389
I wanted to have the new feature of brute force detection trigger a block in the csf.deny file.

I went to a shell and found that csf -d worked exactly as I wanted. It put it in the file block_ip.sh and when I click the button under admin panel--> brute force monitor it behaved exactly as desired:
Code: 
#!/bin/sh
csf -d $ip Added by DA BruteForce monitor
exit $?;

However, in the script brute_force_notice_ip.sh, the exact same code does not work. After looking at the thread here: http://www.directadmin.com/forum/showthread.php?41163-How-do-I-stop-a-brute-force-attack?s= I decided to try:

Code: 
#!/bin/sh
/etc/csf/csf.pl -d $value Added by DA BruteForce monitor automatic
exit 0;

I don't understand why I can call the dameon in the first case, but not in the second.
 
Last edited:
I cant tell you why doesnt work, actually i didnt understand, but, i can tell you how i do.

In brute_force_notice_ip.sh put

Code: 
#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

This work for me :)

Regards
 
SeLLeRoNe said:
I cant tell you why doesnt work, actually i didnt understand, but, i can tell you how i do.

In brute_force_notice_ip.sh put

Code: 
#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

This work for me :)

Regards
Click to expand...


That only works if block_ip.sh has
Code: 
/etc/csf/csf.pl -d $ip
in it.

I was asking why
Code: 
/etc/csf/csf.pl -d $ip
works in both block_ip.sh and brute_force_notice_ip.sh

but
Code: 
csf -d
only works in block_ip.sh and NOT in brute_force_notice_ip.sh. It should work in both or neither.... odd

The code you cited just has the brute_force_notice_ip.sh call the block_ip.sh, except that doesn't work if csf -d is in block_ip.sh
 
The full path works for both, but I don't need the full path for blocked_ips.sh. I just don't know why one cares and other doesn't. The full path works, so anyboy else runnng in to this should just use the full path.

Still a bit odd though.

Thank you everybody!
 
Probably it's an issue of ENV, probably it's an issue of yours, and nobody else would face it. So more investigation is needed.
And I really do not see anything bad in using full paths to a file.
 
You must log in or register to reply here.
Back
Top