自从安装了DA面板后,Brute Force Attack暴力破解DA后台密码就没有停止过,或许见多了就不怪了,但是老是收到诸如此类的信息:Brute-Force Attack detected in service log from IP(s) 106.187.43.249,总不是一件让人很愉快的事儿。

directadmin官方有教程,如何屏蔽ip阻止Brute ForceAttack

http://help.directadmin.com/item.php?id=380

以下我将官方的教程汉化下:
1)第一步,配置iptables,让block_ip.sh生效,DA官方的iptables文件适用于CentOS/Fedora,目前没有在Debian或者FreeBSD上测试,或许支持,或许不知道debian/FreeBSD。

cd /etc/init.d
mv iptables iptables.backup
wget?http://files1.directadmin.com/services/all/iptables
chmod 755 iptables*** 注意,ipables默认开启的ssh端口是22,如果你的ssh端口不是22,请手动修改iptables设置。

*** 注意,ipables默认开启的ssh端口是22,如果你的ssh端口不是22,请手动修改iptables设置。启动iptables:

/etc/init.d/iptables restart

2)?第二步,安装block_ip.sh脚本,block_ip.sh格式可以在found here找到?.

cd /usr/local/directadmin/scripts/custom
wget?http://files1.directadmin.com/services/all/block_ip.sh
wget?http://files1.directadmin.com/services/all/show_blocked_ips.sh
wget?http://files1.directadmin.com/services/all/unblock_ip.sh
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh

3)创建blocked_ips文本:

touch /root/blocked_ips.txt
touch /root/exempt_ips.txt

去DA后台操作下Home–>Brute Forece Monitor–>IP info–>Blcok this IP.

 

4)自动封IP:

vi /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh

添加内容:

#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

chmod 700 brute_force_notice_ip.sh


以下是FreeBSD相关:

If you’re running?FreeBSD?with ipfw, you’d skip steps?2?and?3, and instead, add the following code to the file:

/usr/local/directadmin/scripts/custom/block_ip.sh
#!/bin/sh
echo “Blocking $ip with ipfw …<br>”;
ipfw add deny ip from $ip to any
exit $?

and don’t forget to chmod the block_ip.sh to 755.

首页

No Comments Now!

Be the first to comment on this entry.

留下评论

姓名(必填)
Mail (必填),(will not be published)
站点(recommended)

Fields in bold are required. Email addresses are never published or distributed.

Some HTML code is allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
URLs must be fully qualified (eg: http://www.hexiaoqun.com),and all tags must be properly closed.

Line breaks and paragraphs are automatically converted.

Please keep comments relevant. Off-topic, offensive or inappropriate comments may be edited or removed.