Brute Force IP Info Page and custm (SKINS)

Version 1.39


Related guide to use it, including example with a working iptables firewall: ------ Extension to the Brute Force Monitor (BFM) This new feature allows "dig -x" information from the given IP. Can only be called by Admins. If /usr/bin/dig does not exist, option will not show up in the first IP table on the BFM page. If it does, a 4th column is added called "IP Info", which you can click for a given IP, taking you to the next page, showing the dig output. Any IP can be specified in the URL, but of course, a valid IP must be used. New internal directadmin.conf option, set by default to: dig=/usr/bin/dig If you create the custom script: /usr/local/directadmin/scripts/custom/ DA will then show you another table on the IP Info page. This new table will simply contain one button: "Block IP" When clicked, the custom script is excuted, and the variable: ip= is passed to the script. The purpose of this script is to more easily let you take action on that IP, without needing to login to ssh (eg: to update a firewall rule). Just be very...very.. careful if/when you do this.. as if your script has an error, you may end up blocking yourself. All output from the script will be displayed, so you can generate whatever output you'd like. Note that DA does check for zero and non-zer exit status's, so ensure you exit 0; if all went well, and exit 1 on error. The script has root access, so if you want to know how that IP got into the list, scan: /usr/local/directadmin/data/admin/ for that IPs entry, and then decode the URL encoded value to get the specifics on the login failures. It will be up to you to ensure that the IP does not get blocked twice, if blocking it twice is an issue. -------------- SKINS: admin/brute_force_ip_info.html see update for file. --- files_admin.conf CMD_BRUTE_FORCE_IP_INFO=admin/brute_force_ip_info.html

Interested to try DirectAdmin? Get a 30-day Free Trial!