How to protect the DirectAdmin login page?

Protecting your DirectAdmin login page is an important step to secure your server from unauthorized access. Here are some steps you can take to protect your DirectAdmin login page:

Use SSL: Ensure that you are using SSL to encrypt the login page. This will protect the credentials from being intercepted during the transmission. You can install an SSL certificate on your server or use a free Let’s Encrypt SSL certificate.

Change the default port: Change the default port number of the DirectAdmin login page from port 2222 to a custom port number. This will prevent automated bots from easily discovering the login page and attempting to brute-force it. You can do this by editing the configuration file at /usr/local/directadmin/conf/directadmin.conf and changing the port number.

Use a strong password: Use a strong password for your DirectAdmin account. A strong password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters.

Use a firewall: Use a firewall to restrict access to the DirectAdmin login page to only authorized IP addresses. You can configure a firewall using the iptables command or a graphical firewall application like UFW or FirewallD.

Enable Two-Factor Authentication (2FA): DirectAdmin has an option to enable Two-Factor Authentication for additional security. This will require a second form of authentication (such as a token generated by an app on your phone) in addition to your password to log in.

By following these steps, you can greatly improve the security of your DirectAdmin login page and protect your server from unauthorized access.

How to protect with reCaptcha invisible V3?

You can protect your DirectAdmin login page with reCaptcha invisible V3 by following these steps:

1. Register your website: First, you need to register your website with Google reCaptcha to get the Site Key and Secret Key. Go to the reCaptcha admin console at https://www.google.com/recaptcha/admin/create and follow the prompts to register your website.

2. Add the reCaptcha code: Once you have the Site Key and Secret Key, you need to add the reCaptcha code to your DirectAdmin login page. Edit the file at /usr/local/directadmin/data/templates/login.html and add the following code just before the login form:

Replace “YOUR_SITE_KEY” with your Site Key obtained from the reCaptcha admin console.

3. Verify the reCaptcha token: Once the user submits the login form, you need to verify the reCaptcha token on the server side. Add the following code to the file at /usr/local/directadmin/data/skins/enhanced/login/login.php just before the authentication code:

Replace “YOUR_SECRET_KEY” with your Secret Key obtained from the reCaptcha admin console.

By following these steps, you can add reCaptcha invisible V3 protection to your DirectAdmin login page, which will help prevent automated bots from logging in to your server.
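
The server-side check from step 3, as an added example in Python (not code from this page or from DirectAdmin): it posts the token to Google's siteverify endpoint and refuses the attempt unless the response is successful, carries the expected action and hostname, and meets a score threshold. The action name "login", the hostname "panel.example.com", the 0.5 threshold and all function names are assumptions.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def fetch_verdict(secret_key, token, timeout=5):
    """POST the browser's token to siteverify and return the parsed JSON."""
    body = urllib.parse.urlencode({"secret": secret_key, "response": token}).encode()
    with urllib.request.urlopen(VERIFY_URL, data=body, timeout=timeout) as resp:
        return json.load(resp)


def accept_verdict(verdict, expected_action="login",
                   expected_hostname="panel.example.com", min_score=0.5):
    """Return (allowed, reason) for one siteverify response."""
    if not isinstance(verdict, dict) or verdict.get("success") is not True:
        codes = verdict.get("error-codes") if isinstance(verdict, dict) else None
        return False, "rejected: " + ",".join(codes or ["no-valid-response"])
    # A token issued for another action or site must not count for the login form.
    if verdict.get("action") != expected_action:
        return False, "action mismatch"
    if verdict.get("hostname") != expected_hostname:
        return False, "hostname mismatch"
    score = verdict.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return False, "missing score"
    if score < min_score:
        return False, "score below threshold"
    return True, "ok"


def check_login_token(secret_key, token, fetch=fetch_verdict, **policy):
    """Fail closed: an empty token or an unreachable verifier denies the attempt."""
    if not token:
        return False, "missing token"
    try:
        verdict = fetch(secret_key, token)
    except (OSError, ValueError) as exc:
        return False, "verifier unavailable: " + type(exc).__name__
    return accept_verdict(verdict, **policy)


if __name__ == "__main__":
    # Constructed response, shaped like the documented siteverify JSON.
    sample = {"success": True, "score": 0.9, "action": "login",
              "hostname": "panel.example.com"}
    print(accept_verdict(sample))
```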

How to protect with reCaptcha invisible V3? 2nd way

To protect your DirectAdmin login page with reCAPTCHA invisible V3, you need to follow these steps:

1. Get reCAPTCHA API keys: Go to the Google reCAPTCHA website and register your site to get the API keys. You will need to provide the domain name and select the reCAPTCHA type as “Invisible reCAPTCHA”.

2. Add reCAPTCHA API keys to DirectAdmin: Log in to your DirectAdmin control panel and go to “Custom HTTPD Configurations”. Add the following lines to the configuration file:

Replace “your-domain.com” with your own domain name and “127.0.0.1:2222” with your DirectAdmin IP and port.

3. Add reCAPTCHA script to login page: Edit the DirectAdmin login page template file (/usr/local/directadmin/data/templates/login.html) and add the following script before the tag:

Replace “[SITE_KEY]” with your reCAPTCHA API site key.

4. Test the reCAPTCHA: Log out of DirectAdmin and go to the login page. You should see the reCAPTCHA badge at the bottom right corner of the page. Log in with incorrect credentials and you should see a reCAPTCHA challenge. Log in with the correct credentials and you should be redirected to the DirectAdmin control panel.

By following these steps, you can protect your DirectAdmin login page with reCAPTCHA invisible V3 and prevent automated bots from brute-forcing your login credentials.

How to enable fail2ban in DirectAdmin?

To enable fail2ban in DirectAdmin, you need to follow these steps:

1. Install fail2ban: Log in to your server as root and install fail2ban using the package manager of your Linux distribution. For example, if you are using CentOS, you can install fail2ban using the command:

2. Configure fail2ban: Create a new configuration file for DirectAdmin in the “/etc/fail2ban/jail.d” directory. For example, you can create a file named “directadmin.conf” and add the following configuration:

This configuration will enable the DirectAdmin filter, set the log path to “/var/log/directadmin/error.log”, and ban IP addresses that fail to log in more than 3 times within an hour (3600 seconds).

3. Create fail2ban filter: Create a new filter file for DirectAdmin in the “/etc/fail2ban/filter.d” directory. For example, you can create a file named “directadmin.conf” and add the following filter:

This filter will match DirectAdmin login attempts and extract the IP address of the client.

4. Restart fail2ban: Restart the fail2ban service to apply the changes:

systemctl restart fail2ban

By following these steps, you can enable fail2ban in DirectAdmin and protect your server from brute-force attacks on the DirectAdmin login page. Fail2ban will monitor the DirectAdmin log files for failed login attempts and ban IP addresses that exceed the configured threshold.
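
What the jail and filter described above do with a log, as an added Python example (not fail2ban's or DirectAdmin's own code): it applies a failregex to constructed log lines and lists the addresses that reach 3 failures within 3600 seconds. The log line format, the failregex and the IPv4-only stand-in for <HOST> are assumptions; check a real filter against your own log with fail2ban-regex.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# fail2ban expands <HOST> itself; this simplified IPv4-only stand-in is an assumption.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Hypothetical failregex for the constructed format below, anchored at both ends
# so an address typed into the account field cannot be picked up as the client.
FAILREGEX = r"^'<HOST>' \d+ failed login attempts?\. Account '\S+'$"
TIMESTAMP = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}): ")

# Constructed log lines (format assumed, not taken from a real server).
SAMPLE_LOG = """\
2024:01:10-09:00:01: '203.0.113.7' 1 failed login attempt. Account 'admin'
2024:01:10-09:00:09: '203.0.113.7' 2 failed login attempts. Account 'admin'
2024:01:10-09:05:30: '198.51.100.20' 1 failed login attempt. Account 'bob'
2024:01:10-09:09:44: '203.0.113.7' 3 failed login attempts. Account '10.0.0.1'
2024:01:10-10:30:00: '198.51.100.20' 1 failed login attempt. Account 'bob'
2024:01:10-10:31:00: '198.51.100.20' 2 failed login attempts. Account 'bob'
2024:01:10-10:32:00: 'bob' logged in from 198.51.100.20
"""


def find_bans(log_text, failregex=FAILREGEX, max_retry=3, find_time=3600):
    """Return the addresses that would be banned, in the order they trip the jail."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    recent = defaultdict(deque)  # address -> failure times still inside the window
    banned = []
    for line in log_text.splitlines():
        stamp = TIMESTAMP.match(line)
        hit = pattern.match(line[stamp.end():]) if stamp else None
        if not hit:
            continue  # not a failed-login line
        when = datetime.strptime(stamp.group(1), "%Y:%m:%d-%H:%M:%S")
        window = recent[hit.group("host")]
        window.append(when)
        # Forget failures older than find_time seconds (lines are chronological).
        while (when - window[0]).total_seconds() > find_time:
            window.popleft()
        # Ban once the failures inside the window reach max_retry.
        if len(window) >= max_retry and hit.group("host") not in banned:
            banned.append(hit.group("host"))
    return banned


if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```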