Why is the blacklist limit at least 10?

[MiloW]

I have numerous BF attacks... I generally, in my life, use a 4 as a number of log ins after which (unsuccessful) there is a ban... whatever the system.
Why 10 at least? I have attacks with 6-7 attempts all the time...
And you just know better than the user and make it impossible to input "4" into the field?

How to override this?

 

[Richard G]

Exactly which setting are you referring to? Can you switch to the Enhanced skin and see if you can change it there?
If yes, then it's an Evo issue, although I don't have an issue with that in either skin.

I presume you mean this setting:
Blacklist IPs for excessive DA login attempts
and I have that one less than 10.

Or do you mean another one, if yes, name the specific setting please.

 

[MiloW]

Admin > Server Manager > Administrator Settings > tab: Security Settings
"Blacklist IPs for excessive DA login attempts"
even the tooltip says it's a number between 10-20

BTW I don't feel well with this template ; ) what's a community favorite template for DA?
I remember the old colorful template from like 10-15 years ago...

EDIT: I change it - save it - it says DA will be restarted within 1 minute but then I wait, come back to the place (or it even refreshes itself) - still "10"...

 

[Richard G]

Are all services running already?

Many people use Evo theme with the GRID skin. I myself use the older skin, does not have all the futures but is a lot easier imho.
That is the Enhanced skin. You could switch to that and see if you can set the login attempts to a lower value. Should be possible.

 

[MiloW]

Whichever skin I use, it won't save... comes back to 10 for both fields.

 

[MiloW]

Also I'm thinking... how can I have an entry in the BF Monitor that has like 1600 login failures and the last one a minute ago if I have had this setting at 10 tops? Why isn't this crap banned already?
Also, blocking manually doesn't work... (the top right button) OMG...

 

[Richard G]

Whichever skin I use, it won't save... comes back to 10 for both fields.

Both? There is only 1 field, the other field is for the time.
Try to set a value via directadmin.conf file.

Login as root via SSH, then edit /usr/local/directadmin/conf/directadmin.conf and change the line brutecount=xx if present to your required value.
If not present add the line, if you want bruteforce at 5, then use brutecount=5 and restart directadmin
service directadmin restart

Be aware that this is only for Directadmin bruteforce logins, not for mail bruteforces. You can configure the Configserver firewall for that.

 

[MiloW]

login attempts and connections...

Thank you for the tutorial!

EDIT:
OK, it worked, it shows 4 in the panel... I'll leave 10 for connections ; )

@Richard G any idea why it doesn't block those IPs? I have "no" for all of them everywhere...

 

[MiloW]

OK it works, it blocks.
Yeah : )