DirectAdmin includes a built-in Brute Force Monitor (BFM). While excellent for security, it can flood your inbox with hundreds of "Brute Force Attack detected" emails per day on a busy server.
You can disable these email notifications without disabling the actual protection. The monitor will continue to block IPs in the background, but it will stop spamming your mailbox.
Step-by-step Guide
To change this setting, you need to edit the main DirectAdmin configuration file via SSH.
- Log in to your VPS via SSH as
root. - Navigate to the configuration directory:
cd /usr/local/directadmin/conf/ - Open the
directadmin.conffile with your preferred editor (e.g., nano or vi):nano directadmin.conf - Add the following line to the bottom of the file:
hide_brute_force_notifications=1 - Save and close the file (In nano:
Ctrl+O,Enter,Ctrl+X). -
Restart DirectAdmin to apply the changes:
systemctl restart directadmin
Alternative: Addressing the Root Cause
Instead of just hiding the notifications, you can reduce the number of attacks reaching your server.
Tip: Change your SSH Port
Most brute force attacks target the default SSH port (22). Changing this to a custom port (e.g., 2222) drastically reduces the noise.
Remember to update your firewall (CSF/FirewallD) before logging out!
Most brute force attacks target the default SSH port (22). Changing this to a custom port (e.g., 2222) drastically reduces the noise.
Remember to update your firewall (CSF/FirewallD) before logging out!
We also recommend ensuring Fail2Ban or CSF (ConfigServer Security & Firewall) is installed and configured to automatically ban these IPs permanently.