Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

How to restrict directadmin login to country?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to restrict directadmin login to country?

lowfanlowfan Member
in General

How to restrict Directadmin login to one country only?

Comments

  • LeonDynamicLeonDynamic Member
    edited September 2020

    Use CSF to block access to the port and then CC allow one country

    CC_ALLOW_PORTS = COUNTRY
    CC_ALLOW_PORTS_TCP = PORT
    CC_ALLOW_PORTS_UDP = PORT

    Just remember the CC codes are ISO 3166-1 alpha-2. Save and restart CSF

    Thanked by 3lowfan Aidan truweb
  • RickBakkrRickBakkr Member, Patron Provider, LIR

    Just use a login_pre.sh script to validate caller ip. Would be waaaayy more neat to use native DA features over 3rd party shit csf (also isnt a DA thing per se)

    Thanked by 1vero
  • verovero Member, Host Rep

    @RickBakkr said:
    Would be waaaayy more neat to use native DA features over 3rd party shit csf (also isnt a DA thing per se)

    Nothing's wrong to block IP at network (iptables) level and not on application (DA), less load on server.

  • LeonDynamicLeonDynamic Member

    @RickBakkr said:
    Just use a login_pre.sh script to validate caller ip. Would be waaaayy more neat to use native DA features over 3rd party shit csf (also isnt a DA thing per se)

    Yes the login_pre script is great for restricting access to set IPs but doesn’t work for a whole country

  • RickBakkrRickBakkr Member, Patron Provider, LIR

    @LeonDynamic said:

    @RickBakkr said:
    Just use a login_pre.sh script to validate caller ip. Would be waaaayy more neat to use native DA features over 3rd party shit csf (also isnt a DA thing per se)

    Yes the login_pre script is great for restricting access to set IPs but doesn’t work for a whole country

    In the end CSF or anything would use an IP set to compare against. Just make a php script hook a maxmind db and judge country that way. That’s how one would do it in DA (as per the question). Whether it is most efficient, is the question...

  • JamesFJamesF Member, Host Rep

    I wish they would do an email notification When logged in as admin.

  • RickBakkrRickBakkr Member, Patron Provider, LIR

    @experttechit said: I wish they would do an email notification When logged in as admin.

    login_post.sh is your best friend (is called after succesful login). While not tested, it should be something along the lines of;

    #!/bin/bash  
if [ "${username}" = "admin" ]; then
   mail -s 'Admin Login Alert' [email protected] << "Someone with IP ${ip} signed onto account ${username}"
fi
exit 0;
    Thanked by 1smtalk
  • JamesFJamesF Member, Host Rep

    Thanks, where would this go?

  • RickBakkrRickBakkr Member, Patron Provider, LIR

    @experttechit said:
    Thanks, where would this go?

    /usr/local/directadmin/scripts/custom/

    If you are not using scripts in DA yet, you are likely not using it right ;-)

Sign In or Register to comment.