|You should be running a firewall.|
The firewalls that come with your system don't usually have the required ports open, nor do they have the ability to automatically block attacking IPs.
Most people use one of the following options:
1) The free plugin called CSF is a popular choice:
2) Alternatively, we provide a free iptables script for the Brute Force Monitor (BFM), including several scripts to link it with DA such that DA can monitor and act on attacks, blocking IPs.
3) Both: If you decide to use CSF, there are a set of scripts which can be used to link the BFM to CSF, so you get the best of both. It will use the iptables configuration and all features of CSF, plus the added benefit of the BFM to find some extra cases, which trigger the blocks using CSF.
Fast version of the above guide:
For FTP with TLS, you must explicitly tell iptables to open ports 35000-35999, because the ip_conntrack_ftp helper cannot decrypt the TLS session to see the negotiated FTP data port, so it can't open that port on the fly.
For CSF: http://forum.directadmin.com/showthread.php?t=50759&p=262589#post262589
For block_ip/iptables: http://forum.directadmin.com/showthread.php?t=50759&p=262346#post262346
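As an added example that is not part of this page or of DirectAdmin's own scripts: a small POSIX shell script that emits (and, only when APPLY=1, runs) the iptables rules needed for FTP over TLS, opening the 35000-35999 passive range statically because the conntrack FTP helper cannot read the PASV reply inside a TLS session. The PASV_LO/PASV_HI/APPLY variables and the range check are my own assumptions, not DirectAdmin's.

```shell
#!/bin/sh
# Added example (not DirectAdmin's own script): open the passive FTP data-port
# range for FTP over TLS. With TLS the ip_conntrack_ftp/nf_conntrack_ftp helper
# cannot see the PASV reply, so the range must be opened statically. 35000-35999
# is the range the page names; APPLY=1 executes the rules, otherwise they are
# only printed for review.

PASV_LO=${PASV_LO:-35000}
PASV_HI=${PASV_HI:-35999}
IPT=${IPT:-iptables}

# Build the rule set as text, one rule per line, so it can be reviewed (or
# asserted on) before anything touches the live firewall. These rules must sit
# before any default DROP/REJECT rule in the INPUT chain.
ftp_tls_rules() {
    lo=$1; hi=$2
    printf '%s\n' \
      "$IPT -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT" \
      "$IPT -A INPUT -p tcp --dport ${lo}:${hi} -m conntrack --ctstate NEW -j ACCEPT" \
      "$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Sanity check: both ends must be numeric, unprivileged, and ascending, so a
# typo never opens the whole port space.
valid_range() {
    case "$1$2" in *[!0-9]*) return 1;; esac
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# Print the rules, or run them when APPLY=1 (needs root).
apply_rules() {
    valid_range "$PASV_LO" "$PASV_HI" || { echo "bad passive range" >&2; return 1; }
    ftp_tls_rules "$PASV_LO" "$PASV_HI" | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then sh -c "$rule"; else echo "$rule"; fi
    done
}

apply_rules
```

The passive range must match the one configured in the FTP daemon (for ProFTPD the PassivePorts directive); with CSF the equivalent is adding 35000:35999 to TCP_IN in csf.conf rather than adding raw iptables rules.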
© 2003 JBMC Software, Suite 173 3-11 Bellerose Drive, St Albert, AB T8N 1P7 Canada. Mon-Fri 9AM-5PM MST