The DirectAdmin control panel comes with a Brute Force Attack Monitor, which blocks the attacker's IP from accessing the control panel on port 2222.

If there are many failed login attempts against the control panel, the user's IP will be blacklisted as well, and it will be released after a certain time (depending on your configuration in the DirectAdmin control panel).

If you wish to remove an IP from the blacklist immediately, you will need to perform the following:

Step 1 : SSH to the server

Step 2 : Edit the blacklist file and remove the entry for the IP you want to unblock

vi /usr/local/directadmin/data/admin/ip_blacklist

Save it and restart the DirectAdmin service:

/etc/init.d/directadmin restart
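
The same procedure can be scripted so that only the exact IP is removed and a backup of the blacklist is kept. This is an added example, not part of the original instructions or of DirectAdmin itself; the function name unblock_ip is hypothetical, the file is assumed to hold one IP per line, and 203.0.113.45 is a constructed documentation address.

```shell
#!/bin/sh
# Added example (not DirectAdmin's own tooling): remove one IP from the
# blacklist file without opening an editor.
# Assumption: the file lists one IP address per line.

unblock_ip() {
    ip="$1"
    file="${2:-/usr/local/directadmin/data/admin/ip_blacklist}"

    [ -n "$ip" ] || { echo "usage: unblock_ip IP [FILE]" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # -F: treat the IP as a fixed string, so "." is not a regex wildcard.
    # -x: match the whole line, so 203.0.113.4 does not also hit 203.0.113.45.
    if ! grep -Fxq -- "$ip" "$file"; then
        echo "$ip is not listed in $file" >&2
        return 1
    fi

    # Keep a copy of the previous state so the change can be reviewed or undone.
    cp -p "$file" "$file.bak" || return 2

    # Rewrite the file in place (owner and mode are preserved) without the IP.
    # grep -v exits 1 when the result is empty, which is fine here.
    grep -Fxv -- "$ip" "$file.bak" > "$file" || [ "$?" -eq 1 ]
}

# When run as a script with arguments, unblock the IP and restart the
# service as in the steps above, e.g.:  sh unblock.sh 203.0.113.45
if [ "$#" -gt 0 ]; then
    unblock_ip "$@" && /etc/init.d/directadmin restart
fi
```

The previous contents of the blacklist remain in ip_blacklist.bak next to the original file.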
