How to config CSF to block brute force on DirectAdmin

[ohad]

Hi,

I'm running csf in my DirectAdmin panel.
I have a lot of brute force but csf don't block this IP.

Where I need to config the settings?
I want that 10 Login Failures from the same IP in 1 hour will block the IP.

Thank you!

[Bastille]

Have you done anything to tie the two together or are you just running the two separately for now?

If the two are running separately, this guide would probably be your best bet.

[ohad]

Have you done anything to tie the two together or are you just running the two separately for now?

If the two are running separately, this guide would probably be your best bet.

This running together (I think.. I have link to csf in my DA).
https://preview.ibb.co/f9j5uS/Screen_Sh ... _06_51.png

[Bastille]

That is the CSF management plugin for Directadmin and is unrelated to this. Unless you specifically run scripts, such as the one that I linked, to tie BFM into CSF, the two will not work together.

See: https://help.directadmin.com/item.php?id=527

It says you may use CSF or BFM on their own just fine but if you want to use both, you have to run scripts to tie BFM to CSF.

[ohad]

That is the CSF management plugin for Directadmin and is unrelated to this. Unless you specifically run scripts, such as the one that I linked, to tie BFM into CSF, the two will not work together.

See: https://help.directadmin.com/item.php?id=527

It says you may use CSF or BFM on their own just fine but if you want to use both, you have to run scripts to tie BFM to CSF.

Thanks for your help!
But this guide explain how to block IP that try to brute force DirectAdmin login only?
I want that CSF will block in any port...

[Bastille]

What? The guide for integrating BFM into CSF will, at the end, make it so ANY block that BFM does winds up being properly implemented as a block in CSF (and subsequently blocked by the firewall).

[ohad]

What? The guide for integrating BFM into CSF will, at the end, make it so ANY block that BFM does winds up being properly implemented as a block in CSF (and subsequently blocked by the firewall).

There is any option to change the settings?
I want to block IP after only 5 failed attempt in 1 hour..
Something like this...

[Bastille]

If you want to make any changes to the block settings for something, you would do it in the corresponding configuration page for that app.

CSF's settings are done directly through CSF's DA plugin.

BFM's are "Administrator Settings" and then under the Security header. Ignoring the automated password recovery option, the first cluster of options are indeed for blocking attempts at bruteforcing into DirectAdmin but that doesn't involve BFM. The second cluster is what ties into BFM and so if you wanted to adjust what triggers a BFM block, you would change those settings.

If you're looking for something like blocking an IP after only 5 attempts within 1 hour, you'd be better off making those changes in CSF. BFM's strength is (generally) monitoring attempts over a long period of time in order to issue a block.

[ohad]

If you want to make any changes to the block settings for something, you would do it in the corresponding configuration page for that app.

CSF's settings are done directly through CSF's DA plugin.

BFM's are "Administrator Settings" and then under the Security header. Ignoring the automated password recovery option, the first cluster of options are indeed for blocking attempts at bruteforcing into DirectAdmin but that doesn't involve BFM. The second cluster is what ties into BFM and so if you wanted to adjust what triggers a BFM block, you would change those settings.

If you're looking for something like blocking an IP after only 5 attempts within 1 hour, you'd be better off making those changes in CSF. BFM's strength is (generally) monitoring attempts over a long period of time in order to issue a block.

Yes, I'm looking to change to blocking an IP after only 5 attempts.
But can't understand where I need to set it,,
Can you please help me with this?