WordPress attacks and CSF

ZipperZapper

Verified User · Joined: Nov 30, 2015 · Messages: 142
I'm using CSF (http://configserver.com/cp/csf.html) with DirectAdmin on Ubuntu and I'm perfectly happy with it. Attacks on all kinds of services get blocked automatically with it.

But I do have a question. DirectAdmin has the WordPress attack monitor built in, which is working fine too. The Brute Force Monitor sends you emails when an attack is happening and then I have to log in to block that IP. Sometimes, when it happens at night, I see >2000 failed logins in the Monitor and I also have a lot of emails in my inbox in the morning.

Is there a way to connect the WordPress attack scanner to CSF, so IPs are automatically blocked after too many attempts?
 
I'm not sure but if they appear in BFM you can probably use a script to block them with CSF.
cd /usr/local/directadmin/scripts/custom
Create 2 scripts in there. Change the content as needed so they work in Ubuntu:
brute_force_notice_ip.sh
Code:
#!/bin/sh
# Hand the IP from $value to block_ip.sh as $ip
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip="$value" "$SCRIPT"
exit $?

and block_ip.sh
Code:
#!/bin/sh

# Temporarily deny $ip in CSF for 172800 seconds (48 hours), with a comment
/etc/csf/csf.pl -td "$ip" 172800 BFM IP Block

exit 0
Also change the 172800 to any amount of seconds you want the block to be effective.

Edit: Oops I forgot, afterwards don't forget to chown and chmod.
chown diradmin:diradmin *.sh
chmod 700 *.sh
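
A stricter variant of block_ip.sh, added here as an example and not part of the original posts: it checks that $ip is a well-formed IPv4 address and skips addresses on an exempt list before calling csf -td. The CSF_BIN and BLOCK_SECONDS overrides and the EXEMPT_FILE path are assumptions of this sketch, and IPv6 addresses are rejected rather than handled.

```shell
#!/bin/sh
# Added example: stricter block_ip.sh. CSF_BIN, BLOCK_SECONDS and EXEMPT_FILE
# are assumptions made for this sketch, not DirectAdmin or CSF settings.
CSF_BIN=${CSF_BIN:-/etc/csf/csf.pl}
EXEMPT_FILE=${EXEMPT_FILE:-/usr/local/directadmin/scripts/custom/bfm_exempt.txt}
BLOCK_SECONDS=${BLOCK_SECONDS:-172800}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds if the address is listed (one per line) in EXEMPT_FILE.
is_exempt() {
    [ -f "$EXEMPT_FILE" ] && grep -qxF -- "$1" "$EXEMPT_FILE"
}

# Validates, skips exempt addresses, then asks CSF for a temporary deny.
# Return codes: 0 blocked, 2 rejected as malformed, 3 exempt.
block_ip() {
    is_valid_ipv4 "$1" || return 2
    if is_exempt "$1"; then return 3; fi
    "$CSF_BIN" -td "$1" "$BLOCK_SECONDS" BFM IP Block
}

# Hook entry point: act only when the caller set $ip in the environment.
if [ -n "${ip:-}" ]; then
    block_ip "$ip"
fi
```

Putting your own admin or office address in the exempt file keeps a mistyped WordPress password from locking you out of the server for the whole block period.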
 