DirectAdmin BFM custom filters

Using it with CSF, there’s a guide on their forum.

But if you want to block Piwigo attempts, copy “/usr/local/directadmin/data/templates/brute_filter.list” to “/usr/local/directadmin/data/templates/custom/brute_filter.list”.

Then add the below to it:

wordpress-piwigo1=ip_after=&ip_until= -&text=] "POST /&text2=/identification.php&text3=" 200%20
wordpress-piwigo2=ip_after=&ip_until= -&text=] "POST /&text2=/ws.php&text3=" 200%20
wordpress-piwigo3=ip_after=&ip_until= -&text=] "POST /&text2=/identification.php&text3=" 302%20&count_multiplier=4
wordpress-piwigo4=ip_after=&ip_until= -&text=] "POST /&text2=/ws.php&text3=" 302%20

You need wordpress in the filter name, if you want it to look in the HTTP log. I had just “piwigo”, and it didn’t do anything.

It might be slower then using LFD directly. I should probably disable LFD, BFM is supposed to log SSH too. They can just be blocked twice, I don’t care. There’s a delay when logging in for it to show up in the log, just posting, rather it’s a successful log or not, will show up, if it redirects, you get 0.25 attempts at logging in.

wordpress-zenphoto1=ip_after=&ip_until= -&text=] "POST /&text2=/zp-core/admin.php&text3=" 200%20
wordpress-zenphoto2=ip_after=&ip_until= -&text=] "POST /&text2=/zp-core/admin.php&text3=" 302%20&count_multiplier=4

There’s Zenphoto. Now I just need to restore my other blog, and add a filter for that too.

If you sell hosting, you probably don’t want to do that. I wouldn’t even use the WordPress only protection, just use the services, that probably say if the login failed or not.

Good thing my IP is on the skip list. Textpattern doesn’t redirect after logging in, and it uses the page you login, for posting. So every time you post, it shows up in the BFM, it shouldn’t actually block me though.