Brute force

Unable to connect to the DirectAdmin Brute Force Monitor. See here:

http://help.directadmin.com/item.php?id=463

——————————————————————-

If you get a timeout message similar to the one below when accessing the Brute Force Monitor (BFM) at CMD_BRUTE_FORCE_MONITOR:

Your connection has timed out

Either your request was invalid or the program hasn’t completed your request.
Please notify the server admin.

This is usually caused by an oversized file:

/usr/local/directadmin/data/admin/brute_log_entries.list

Check whether this file is large. If it is, shrink it, keeping only the entries at the end of the file (the newest entries are at the end).

cd /usr/local/directadmin/data/admin
mv brute_log_entries.list brute_log_entries.list.backup
tail -n 1000 brute_log_entries.list.backup > brute_log_entries.list
chown diradmin:diradmin brute_log_entries.list

You can increase or decrease the 1000 lines as needed.

Other files that can be affected are brute_user.data and brute_ip.data. Of these two, brute_user.data is the more likely cause of the slowdown, because attacks typically target many Users from one IP address. If you need to empty the brute_user.data file, type:

cd /usr/local/directadmin/data/admin
mv brute_user.data brute_user.data.backup
touch brute_user.data
chown diradmin:diradmin brute_user.data

We wouldn’t recommend emptying the brute_ip.data because this is what counts the attacks per IP, and is what is used to determine if an IP should be blocked.
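The two procedures above (trimming brute_log_entries.list and emptying brute_user.data) as one added shell example; this is our script, not part of the DirectAdmin help article. It keeps the article's paths only in the usage comments, and the line-count threshold, the backup naming and the in-place rewrite (which keeps the file's owner and mode so the chown step is not needed) are our own choices:

```shell
#!/bin/sh
# Added example (not from the DirectAdmin help article): trim or empty the
# Brute Force Monitor data files without losing their owner and mode.
# The paths in the usage comments are the article's; the size threshold and
# backup naming are assumptions.
set -u

# backup_copy FILE: copy FILE aside with cp -p (keeps owner/mode/mtime when
# run as root) and print the backup path.
backup_copy() {
    bak="$1.$(date +%Y%m%d%H%M%S).$$.backup"
    cp -p "$1" "$bak" || return 1
    echo "$bak"
}

# line_count FILE: number of lines in FILE
line_count() {
    wc -l < "$1" | tr -d ' '
}

# trim_keep_tail FILE KEEP: keep only the last KEEP lines (the newest BFM
# entries are at the end of the file). The live file is rewritten in place
# instead of being replaced with mv, so it keeps diradmin:diradmin and its
# mode and no chown is needed afterwards.
trim_keep_tail() {
    file=$1; keep=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    bak=$(backup_copy "$file") || return 1
    tmp="$file.tmp.$$"
    tail -n "$keep" "$bak" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# trim_if_large FILE MAX KEEP: trim only when FILE has more than MAX lines,
# so a cron job can run this safely on a healthy server.
trim_if_large() {
    file=$1; max=$2; keep=$3
    n=$(line_count "$file") || return 1
    if [ "$n" -gt "$max" ]; then
        trim_keep_tail "$file" "$keep"
    else
        echo "$file: $n lines, no trim needed"
    fi
}

# empty_keeping_backup FILE: for brute_user.data, copy it aside then truncate.
empty_keeping_backup() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    backup_copy "$file" > /dev/null || return 1
    : > "$file"
}

# Usage on the server (as root), with the article's paths and a 5000-line
# threshold that is our assumption:
#   trim_if_large /usr/local/directadmin/data/admin/brute_log_entries.list 5000 1000
#   empty_keeping_backup /usr/local/directadmin/data/admin/brute_user.data
# brute_ip.data is left alone: it holds the per-IP counts that decide blocking.
```

Rewriting the live file with `cat > file` rather than `mv` is deliberate: the inode, owner and mode stay as DirectAdmin created them, which is why the chown from the article is not repeated here. Run it as root so `cp -p` can preserve ownership on the backup as well.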

——————————————————————-

Blocking the IPs that attack the server:

http://help.directadmin.com/item.php?id=380

*** DirectAdmin technical support does not include firewalls, so any use of this guide will be at your own risk, and beyond the reach of our technical support ***

1) The first part of this guide will outline how to set up the actual firewall for the block_ip.sh to use.  Note that we're not able to offer any support for this setup, so use it at your own risk.    Also, this file is written for a CentOS/Fedora type system and has not been tested on Debian or FreeBSD (it may work on Debian, not sure).

cd /etc/init.d
mv iptables iptables.backup
wget http://files.directadmin.com/services/all/iptables
chmod 755 iptables

*** Note that it opens ssh on port 22, so if you're running ssh on some other port, either change the script manually before restarting the firewall, or make sure you have physical access to your server.

You’ll want to test this out to ensure it works for you:

/etc/init.d/iptables restart

to make sure you can still connect to everything ok.  If not, you may need to head to the datacenter to shut it off (partly why we don't offer support for firewalls).

2) The second step is to install the block_ip.sh so you can create a file that lists the IPs to be blocked.   A sample block_ip.sh can be found here.
To install this file, type:

cd /usr/local/directadmin/scripts/custom
wget http://files.directadmin.com/services/all/block_ip.sh
wget http://files.directadmin.com/services/all/show_blocked_ips.sh
wget http://files.directadmin.com/services/all/unblock_ip.sh
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh

This should activate the button in DA at:
Admin Level -> Brute Force Monitor -> IP Info -> Block IP

This particular block_ip.sh script will check to ensure that the IP you're blocking does not already exist in the list.
It will also generate the output from "iptables -nL", which should show you everything that is currently blocked in the list. (iptables -nL is also output in the event the IP is already blocked, so you can see your iptables list without doing anything.)

3) Create the empty block list and exempt list files:

touch /root/blocked_ips.txt
touch /root/exempt_ips.txt

4) This last step is optional and should only be used after you've tested the above setup for a while to get comfortable that you're not going to block yourself.   The block_ip.sh is only used for an active "click" by the Admin; it does not automate blocking.  To automate blocking, install the following script:

cd /usr/local/directadmin/scripts/custom
wget http://files.directadmin.com/services/all/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh


If you’re running FreeBSD with ipfw, you’d skip steps 1, 2 and 3, and instead, add the following code to the file:

/usr/local/directadmin/scripts/custom/block_ip.sh

#!/bin/sh
# DirectAdmin sets $ip to the address chosen in the Brute Force Monitor
[ -n "$ip" ] || { echo "No IP address given<br>"; exit 1; }
echo "Blocking $ip with ipfw ...<br>";
ipfw add deny ip from $ip to any
exit $?

and don’t forget to chmod the block_ip.sh to 755.

Update: Nov 8, 2012
A guide was written on the forum:
http://www.directadmin.com/forum/showthread.php?t=42202&page=1
which provides more options.

We've changed our 3 scripts above (step 2) to use the ipfw commands from the mentioned guide (with 'table 10'), and because they still use the /root/blocked_ips.txt file, they also support the dateblocked feature and so can be used with the auto-unblock option.
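An added example of what a block_ip.sh hook for step 2 can look like on an iptables host; this is our own script, not DirectAdmin's block_ip.sh and not the forum guide's. It reads the address from $ip as the ipfw snippet above does, validates it before it reaches a root-level firewall command, honours /root/exempt_ips.txt, refuses duplicates already in /root/blocked_ips.txt, and records the date so an unblock job can age entries out. The "IP date" line format, the DRY_RUN switch and the particular iptables rule are assumptions:

```shell
#!/bin/sh
# Added example of a block_ip.sh-style hook; not DirectAdmin's own script.
# DirectAdmin passes the address in $ip (as in the article's ipfw snippet).
# List paths default to the ones the article creates in step 3; the
# "IP YYYY-MM-DD" line format, DRY_RUN and the iptables rule are assumptions.
set -u

BLOCK_LIST=${BLOCK_LIST:-/root/blocked_ips.txt}
EXEMPT_LIST=${EXEMPT_LIST:-/root/exempt_ips.txt}
DRY_RUN=${DRY_RUN:-0}   # 1 = print the firewall command instead of running it

# valid_ipv4 ADDR: 0 if ADDR is exactly four dotted octets in 0-255.
# Anything else (hostnames, shell metacharacters, IPv6) is refused so that
# nothing unexpected is ever interpolated into the iptables command line.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for oct in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$oct" -le 255 ] || return 1
    done
}

# in_list ADDR FILE: 0 if ADDR is the first field on some line of FILE
in_list() {
    [ -f "$2" ] || return 1
    grep -Eq "^$(printf '%s' "$1" | sed 's/\./\\./g')( |$)" "$2"
}

# fw_block ADDR: insert a DROP rule for ADDR (or print it under DRY_RUN)
fw_block() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -I INPUT -s $1 -j DROP"
    else
        iptables -I INPUT -s "$1" -j DROP
    fi
}

# block_ip ADDR: validate, refuse exempt/duplicate addresses, firewall, record.
# Returns 0 blocked, 2 invalid, 3 exempt, 4 already blocked, 5 firewall failed.
block_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "Refusing to block invalid address '$ip'<br>"; return 2; }
    in_list "$ip" "$EXEMPT_LIST" && { echo "$ip is exempt, not blocking<br>"; return 3; }
    in_list "$ip" "$BLOCK_LIST" && { echo "$ip is already blocked<br>"; return 4; }
    fw_block "$ip" || { echo "firewall command failed for $ip<br>"; return 5; }
    # "IP YYYY-MM-DD" so an auto-unblock job can age entries out (format assumed)
    echo "$ip $(date +%Y-%m-%d)" >> "$BLOCK_LIST"
    echo "Blocked $ip<br>"
}

# DirectAdmin calls the hook with the address in $ip; run only when it is set.
if [ -n "${ip:-}" ]; then
    block_ip "$ip"
fi
```

The validation step matters even though the address comes from DirectAdmin itself: the hook runs as root and passes its argument straight to iptables, so a strict IPv4 check is the cheapest way to make sure no other input can ever reach that command. The return codes let a wrapper (or the auto-blocking brute_force_notice_ip.sh from step 4, if you adapt it) tell "already blocked" apart from a real failure.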
