How to block IPs with Brute Force Monitor in DirectAdmin using CSF

First of all follow this guide "I wish to have a block_ip.sh so I can block IPs through DirectAdmin" from official Directadmin Help System.

As soon as you finish with the guide, to make the scripts compatible with CSF you should apply the following modifications to block_ip.sh and unblock_ip.sh, the both are located in /usr/local/directadmin/scripts/custom/:

Code:

cd /usr/local/directadmin/scripts/custom/
cp block_ip.sh block_ip.sh.bak
cp unblock_ip.sh unblock_ip.sh.bak


Then open block_ip.sh in editor and find lines:

Code:

echo "Blocking $ip ...<br>";
echo "$ip=dateblocked=`date +%s`" >> $BF;

echo "Restarting iptables ...<br>";
/etc/init.d/iptables restart


and replace them with

Code:

echo "$ip=dateblocked=`date +%s`" >> $BF;

if [ -x "/etc/csf/csf.pl" ]; then
    echo "Found csf instaled, so blocking $ip with it<br>";
    /etc/csf/csf.pl -d $ip
else
    echo "Blocking $ip and restarting iptables ...<br>";
    /etc/init.d/iptables restart
fi;


Save changes, and quit editing the file.

Then open unblock_ip.sh in editor and find lines:

Code:

echo "Restarting iptables ...<br>";
/etc/init.d/iptables restart


and replace them with the following ones:

Code:

if [ -x "/etc/csf/csf.pl" ]; then
    echo "Found csf instaled, so unblocking $ip with it<br>";
    /etc/csf/csf.pl -dr $ip
else
    echo "Unblocking $ip and restarting iptables ...<br>";
    /etc/init.d/iptables restart
fi;


Save changes, and quit editing the file.

Now you’ve got Directadmin which will automatically block IPs of attackers with CSF.

Permanent link on this How-To