Option to include 2222 failed attempt in BFM blocks (CSF)

Version 1.60.0


All of the below assumes the option in Admin Settings is enabled:

"Blacklist IPs for excessive DA login attempts" = yes

----

This new optional feature goes beyond just adding the IP to the ip_blacklist file: when the setting below is enabled, it will also add the IP to the firewall using the block_ip.sh scripts.

New internal default, disabled by default for now:

include_directadmin_port_in_brute_firewall=0

To enable, set to 2:

./directadmin set include_directadmin_port_in_brute_firewall 2
service directadmin restart

Where the values are as follows:

include_directadmin_port_in_brute_firewall=0 : Rely on ip_blacklist to accept the connection and return "Your IP is blacklisted" when blocked.

include_directadmin_port_in_brute_firewall=1 : When too many failed login attempts are made, add to firewall (in addition to ip_blacklist).

include_directadmin_port_in_brute_firewall=2 : When too many failed login attempts OR unauthorized connections are made, add to firewall (in addition to ip_blacklist).

To prevent a DoS, 2 is the preferred method, as it blocks not only brute force login attempts but also IPs that connect to the box only to clog up your child processes.

The unblocks will happen with the same ip_blacklist unblock timings (via dataskq), but will also unblock from the BFM firewall, again using the unblock_ip.sh scripts.
