Tutorial to block IP of Brute Force by CSF on DirectAdmin
For automatic IP blocking of Brute Force by CFS, perform the following steps:
1. First go to the path below:
2. Before starting, back up the block_ip.sh and unblock_ip.sh files using the instructions below:
cp block_ip.sh block_ip.sh.bak cp unblock_ip.sh unblock_ip.sh.bak
The above files may not exist in the “usr / local / directadmin / scripts / custom” path, In this case, you will encounter the following error. Showing error will not cause any problems in the continuation of the process.
cp: cannot stat `block_ip.sh': No such file or directory cp: cannot stat `unblock_ip.sh': No such file or directory
3. Download the appropriate version using the following commands:
cd /usr/local/directadmin/scripts/custom/ wget -O block_ip.sh http://files.plugins-da.net/dl/csf_block_ip.sh.txt wget -O unblock_ip.sh http://files.plugins-da.net/dl/csf_unblock_ip.sh.txt wget -O show_blocked_ips.sh http://files.plugins-da.net/dl/csf_show_blocked_ips.sh.txt chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh
4. Use the following commands to create files called blocked_ips and exempt_ips in the root path:
touch /root/blocked_ips.txt touch /root/exempt_ips.txt
So far, IPs are not automatically blocked by the CSF, only a button is created in the brute Force Monitor for the admin to block the desired IP. In order for the IPs to block automatically, you need to install the following script and follow the next steps.
5. For automatic IP blocking and run the following commands:
cd /usr/local/directadmin/scripts/custom wget -O brute_force_notice_ip.sh http://files.directadmin.com/services/all/brute_force_notice_ip.sh chmod 700 brute_force_notice_ip.sh
6. In order not to overwrite the roles and roles of iptables with CSF, turn off the execution of this service with the help of the following commands on the server.
chkconfig iptables off chkconfig ip6tables off mv /etc/init.d/iptables /etc/init.d/iptables~moved echo -e '#!/bin/bash\nexit 0;' > /etc/init.d/iptables chmod 755 /etc/init.d/iptables chkconfig iptables on chkconfig ip6tables on service iptables start
7. When you’re done, make sure the IPs are blocked correctly. Try the following command:
csf –g IP
If you have any questions or problems, you can ask the Ask system to provide guidance.