I've used WHM with CSF/LFD for many years and just recently made the switch to DirectAdmin.
I've got CSF/LFD installed but I'm having difficulty understanding how Brute Force Monitor and LFD work in DA.
In WHM, I would set LFD to block an IP after X unsuccessful logins or a distributed attack for which is receive an email notifying me. Pretty straight forward and worked very well.
In DA, the behaviour appears to be different. BFM is reporting many unsuccessful logins to various accounts but the number of actual blocks in LFD/CSF is minimal. I've gone through the settings and have them set to what I believe is similar to my old set up (5 unsuccessful logins) but it doesn't seem to be working correctly.
Am I misunderstanding how this works or is it possible there's a bug?
LFD in DirectAdmin
Re: LFD in DirectAdmin
Turns out it's as simple as disabling brute_force_log_scanner in directadmin.conf