Home > 虚拟主机控制面板 > Directadmin如何屏蔽ip阻止Brute Force Attack

Directadmin如何屏蔽ip阻止Brute Force Attack

自从安装了DA面板后,Brute Force Attack暴力破解DA后台密码就没有停止过,或许见多了就不怪了,但是老是收到诸如此类的信息:Brute-Force Attack detected in service log from IP(s),总不是一件让人很愉快的事儿。
directadmin官方有教程,如何屏蔽ip阻止Brute ForceAttack

1)The first part of thie guide will outline how to setup the actual firewall for the block_ip.sh to use.  Note that we’re not able to offer any support for this setup, so use it at your own risk.    Also, this file is written for a CentOS/Fedora type system and has not been tested on Debian or FreeBSD (it may work on Debian, not sure).

cd /etc/init.d
mv iptables iptables.backup
wget http://files1.directadmin.com/services/all/iptables
chmod 755 iptables

*** Note that it opens ssh on port 22, so make sure you either change it manually, or have physical access to your server if you’re running ssh on some other port.
You’ll want to test this out to ensure it works for you:

/etc/init.d/iptables restart

to make sure you can still connect to everything ok.  If not, you may need to head to the datacenter to shut it off (partly why we don’t offer support for firewalls)
2) The second step is to install the block_ip.sh so you can create a file that lists the IPs to be blocked.   A sample block_ip.sh can be found here.
To install this file, type:

cd /usr/local/directadmin/scripts/custom
wget http://files1.directadmin.com/services/all/block_ip.sh
wget http://files1.directadmin.com/services/all/show_blocked_ips.sh
wget http://files1.directadmin.com/services/all/unblock_ip.sh
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh

This should activate the button in DA at:
Admin Level -> Brute Force Monitor -> IP Info -> Block IP
This particular block_ip.sh script will check to ensure that the IP you’re blocking does not already exist in the list.
It will also generate the output from “iptables -nL” which should show you everything that is current blocked in the list. (iptables -nL is also output in the event the IP is already blocked, so you can see your iptables list without doing anything)
3)Create the empty block list and exempt list files:

touch /root/blocked_ips.txt
touch /root/exempt_ips.txt

4)This last step is optional and should only be used after you’ve tested the above setup for a while to get comfortable that you’re not going to block yourself.   The block_ip.sh is only used for an active “click” by the Admin, it does not automate blocking.  To automate blocking, create:


and in that script, add:

ip=$value $SCRIPT
exit $?;

and chmod the brute_force_notice_ip.sh to 700.

If you’re running FreeBSD with ipfw, you’d skip steps 2 and 3, and instead, add the following code to the file:

echo “Blocking $ip with ipfw …<br>”;
ipfw add deny ip from $ip to any
exit $?

and don’t forget to chmod the block_ip.sh to 755.

若非注明,本博客内容均为原创或翻译自Linode Library,教程默认Centos为linux发行版,转载请注明转自linode中文教程www.linode.im。linode中文教程QQ群:185393826,一起讨论linode及linux,linode中文教程、linode代购、linode合租、linode推介、linode返佣、linode优惠。日本VPS、美国VPS、海外独立服务器代购均在linode.im。

  1. No comments yet.
  1. No trackbacks yet.