{"id":5077,"date":"2026-03-30T20:50:32","date_gmt":"2026-03-30T23:50:32","guid":{"rendered":"https:\/\/helpsysadmin.com.br\/blog\/?p=5077"},"modified":"2026-04-27T22:55:25","modified_gmt":"2026-04-28T01:55:25","slug":"proteger-directadmin-contra-ataques","status":"publish","type":"post","link":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/","title":{"rendered":"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026"},"content":{"rendered":"<div id=\"helps-833220450\" class=\"helps-before-content-2 helps-entity-placement\"><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3661896953164277\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- 2anuncios display quadrado -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3661896953164277\"\r\n     data-ad-slot=\"5051229894\"\r\n     data-ad-format=\"auto\"\r\n     data-full-width-responsive=\"true\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><\/div>\n<p id=\"h-\">O DirectAdmin \u00e9 um dos pain\u00e9is de controle de hospedagem web mais eficientes, leve e popular do mercado. No entanto, sua grande ado\u00e7\u00e3o mundial tamb\u00e9m o torna um alvo constante para cibercriminosos, botnets e scripts automatizados que varrem a internet em busca de vulnerabilidades 24 horas por dia. Se voc\u00ea administra servidores, saber como <strong>proteger DirectAdmin<\/strong> n\u00e3o \u00e9 apenas um diferencial, \u00e9 uma obriga\u00e7\u00e3o para garantir a integridade dos dados dos seus clientes.<\/p>\n\n\n\n<p>Um servidor mal configurado pode ser comprometido rapidamente, resultando em roubo de dados, minera\u00e7\u00e3o de criptomoedas e perda da reputa\u00e7\u00e3o do IP. Para <strong>proteger DirectAdmin<\/strong> de forma eficaz, n\u00e3o basta instalar um antiv\u00edrus b\u00e1sico. \u00c9 necess\u00e1rio aplicar uma abordagem em camadas, conhecida como <em>Defense in Depth<\/em> (Defesa em Profundidade). Nesta primeira parte do nosso guia de mais de 2000 palavras, focaremos em fechar as portas principais e estabelecer a funda\u00e7\u00e3o de seguran\u00e7a do seu servidor.<\/p>\n\n\n\n<p>Antes de aplicar medidas de seguran\u00e7a, \u00e9 fundamental entender toda a estrutura do servidor. Para isso, veja o <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/guia-completo-directadmin-administradores\/\">guia completo do DirectAdmin para administradores<\/a><\/strong>, onde abordamos configura\u00e7\u00e3o, seguran\u00e7a e boas pr\u00e1ticas.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-hardening-do-servico-ssh-a-porta-de-entrada\">1. Hardening do Servi\u00e7o SSH (A Porta de Entrada)<\/h3>\n\n\n\n<p>O Secure Shell (SSH) \u00e9 a principal forma de administrar seu servidor via linha de comando. Como ele oferece controle total sobre a m\u00e1quina, \u00e9 o alvo n\u00famero um de ataques de for\u00e7a bruta. O primeiro passo para <strong>proteger DirectAdmin<\/strong> \u00e9 blindar o acesso SSH, que muitas vezes \u00e9 a porta de entrada para invas\u00f5es.<\/p>\n\n\n\n<p>Para mitigar isso, edite o arquivo de configura\u00e7\u00e3o principal: <code>\/etc\/ssh\/sshd_config<\/code>.<\/p>\n\n\n\n<p><strong>1.1. Alterar a porta padr\u00e3o (Porta 22)<\/strong> A maioria dos scripts de ataque procura exclusivamente a porta 22. Alterar a porta reduz o ru\u00eddo de fundo drasticamente.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Abra o arquivo: <code>nano \/etc\/ssh\/sshd_config<\/code><\/li>\n\n\n\n<li>Localize a linha <code>#Port 22<\/code> ou <code>Port 22<\/code>.<\/li>\n\n\n\n<li>Altere para uma porta alta (ex: <code>Port 49228<\/code>). <strong>Lembre-se de liberar esta porta no firewall antes de reiniciar o servi\u00e7o e testar login com nova porta.<\/strong> Para o Firewall CSF, insira a porta em TCP_IN TCP_OUT<\/li>\n<\/ul>\n\n\n\n<p><strong>1.2. Desativar o login direto como Root<\/strong> . Ao <strong>proteger DirectAdmin<\/strong>, nunca deixe o usu\u00e1rio <code>root<\/code> exposto.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Crie um usu\u00e1rio comum: <code>useradd admin_sec<\/code> e defina uma senha forte com <code>passwd admin_sec<\/code>.<\/li>\n\n\n\n<li><strong>Adicione o usu\u00e1rio ao grupo&nbsp;<code>wheel no almalinux\/rock <a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-instalar-crowdsec\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Como instalar Crowdsec\" target=\"_blank\" rel=\"noopener\">linux<\/a>\/ ou RHEL<\/code><\/strong>: <code>usermod -aG wheel<\/code> <code>admin_sec<\/code><\/li>\n\n\n\n<li>Alterne para o novo usu\u00e1rio e teste um comando sudo:  <code>su -<\/code> <code>admin_sec<\/code>; <code>sudo whoami<\/code><\/li>\n\n\n\n<li>No arquivo <code>sshd_config<\/code>, altere a linha para: <code>PermitRootLogin prohibit-password<\/code>.<\/li>\n\n\n\n<li>Veja o artigo: <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/ssh-seguro-alem-da-porta\/\" target=\"_blank\" rel=\"noreferrer noopener\">SSH seguro al\u00e9m de mudar a porta<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>1.3. Utilizar Autentica\u00e7\u00e3o por Chaves SSH<\/strong> Senhas podem ser quebradas; chaves criptogr\u00e1ficas RSA de 4096 bits s\u00e3o praticamente inquebr\u00e1veis. No <code>sshd_config<\/code>, defina <code>PasswordAuthentication no<\/code> para for\u00e7ar o uso de chaves. Reinicie o servi\u00e7o com <code>systemctl restart sshd<\/code>. Lembre-se de manter uma sess\u00e3o aberta antes de testar uma nova conex\u00e3o.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-gestao-de-atualizacoes-com-custombuild-2-0\">2. Gest\u00e3o de Atualiza\u00e7\u00f5es com CustomBuild 2.0<\/h3>\n\n\n\n<p>Um dos maiores vetores de ataque s\u00e3o softwares desatualizados. Uma das melhores formas de <strong>proteger DirectAdmin<\/strong> \u00e9 manter os servi\u00e7os rodando em suas vers\u00f5es mais seguras usando a ferramenta <strong>CustomBuild 2.0<\/strong>.<\/p>\n\n\n\n<p><strong>2.1. Atualizando os componentes b\u00e1sicos<\/strong> Execute os seguintes comandos como root para atualizar os pacotes (PHP, Apache, MySQL, Exim):<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>cd \/usr\/local\/directadmin\/custombuild\n.\/build update\n.\/build all d<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9\">cd<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">custombuild<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">update<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">all<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">d<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><strong>2.2. Automatizando as atualiza\u00e7\u00f5es de seguran\u00e7a<\/strong> Edite o arquivo <code>\/usr\/local\/directadmin\/custombuild\/options.conf<\/code> e certifique-se de ativar cron jobs e notifica\u00e7\u00f5es para receber alertas sempre que uma vulnerabilidade for corrigida.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-instale-e-configure-crowdsec\">3. Instale e configure Crowdsec.<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.crowdsec.net\/\" target=\"_blank\" rel=\"noreferrer noopener\">CrowdSec<\/a>&nbsp;\u00e9 um software de seguran\u00e7a de c\u00f3digo aberto projetado para proteger sistemas contra ataques cibern\u00e9ticos. Ele utiliza uma abordagem baseada em multid\u00e3o (crowdsourcing) para coletar informa\u00e7\u00f5es sobre atividades maliciosas e distribuir essa intelig\u00eancia para proteger outros sistemas.<\/p>\n\n\n\n<p>O&nbsp;<a href=\"https:\/\/helpsysadmin.com.br\/blog\/fail2ban-vs-crowdsec-em-producao\/\" target=\"_blank\" rel=\"noreferrer noopener\">CrowdSec<\/a>&nbsp;monitora e analisa registros de eventos de seguran\u00e7a em tempo real, como logs de autentica\u00e7\u00e3o, registros de firewall e outros dados relevantes. Com base nessa an\u00e1lise, ele identifica padr\u00f5es e comportamentos suspeitos, incluindo tentativas de login mal-sucedidas, explora\u00e7\u00e3o de vulnerabilidades e ataques de for\u00e7a bruta.<br><strong>Veja aqui:<\/strong> <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-instalar-crowdsec\/\" target=\"_blank\" rel=\"noreferrer noopener\">Como instalar Crowdsec<\/a><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-instalacao-e-configuracao-avancada-do-csf-configserver-security-amp-firewall\">4. Instala\u00e7\u00e3o e Configura\u00e7\u00e3o Avan\u00e7ada do CSF (ConfigServer Security &amp; Firewall)<\/h3>\n\n\n\n<p>O iptables padr\u00e3o do Linux \u00e9 robusto, mas o CSF (ConfigServer Security &amp; Firewall) \u00e9 a solu\u00e7\u00e3o definitiva para servidores de hospedagem. Para <strong>proteger DirectAdmin<\/strong> adequadamente contra ataques de nega\u00e7\u00e3o de servi\u00e7o e escaneamento de portas, o CSF \u00e9 indispens\u00e1vel.<\/p>\n\n\n\n<p>4<strong>.1. Instala\u00e7\u00e3o do CSF<\/strong>. Veja o artigo <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/csf-firewall-directadmin\/\" target=\"_blank\" rel=\"noreferrer noopener\">CSF Firewall no DirectAdmin: Como Configurar<\/a><\/strong>. <\/p>\n\n\n\n<p>4<strong>.2. Configura\u00e7\u00f5es Cr\u00edticas do CSF<\/strong> No arquivo <code>\/etc\/csf\/csf.conf<\/code> ou pela interface gr\u00e1fica do painel:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Desative o Modo de Teste:<\/strong> Mude <code>TESTING = \"1\"<\/code> para <code>TESTING = \"0\"<\/code>.<\/li>\n\n\n\n<li><strong>Prote\u00e7\u00e3o contra Port Scans:<\/strong> Ative o <code>PS_INTERVAL<\/code> e o <code>PS_LIMIT<\/code> para bloquear IPs maliciosos automaticamente.<\/li>\n\n\n\n<li><strong>Preven\u00e7\u00e3o de SYN Flood:<\/strong> Ative <code>SYNFLOOD = \"1\"<\/code> para <strong>proteger DirectAdmin<\/strong> contra ataques DoS que visam derrubar o servidor web.<\/li>\n<\/ul>\n\n\n\n<p>Com essas configura\u00e7\u00f5es iniciais, voc\u00ea j\u00e1 construiu um muro alto em volta do seu servidor.<\/p>\n\n\n\n<p>Muitos ataques exploram falhas de configura\u00e7\u00e3o do servidor. Para entender melhor como evitar isso, confira o <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/guia-completo-directadmin-administradores\/\">DirectAdmin para administradores<\/a><\/strong>.<\/p>\n\n\n\n<p>Uma das formas mais eficientes de bloquear ataques \u00e9 utilizar firewall avan\u00e7ado. Veja como <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/csf-firewall-directadmin\/\" target=\"_blank\" rel=\"noreferrer noopener\">configurar CSF no DirectAdmin<\/a><\/strong> corretamente.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-parte-2\">Parte 2<\/h2>\n\n\n\n<p>Na primeira etapa deste artigo, focamos em construir muros altos ao redor do seu servidor, restringindo acessos e configurando o firewall de rede (CSF). No entanto, para <strong>proteger DirectAdmin<\/strong> de amea\u00e7as mais sofisticadas que utilizam portas leg\u00edtimas (como a porta 443 do HTTPS), precisamos de mecanismos de Defesa Ativa e Preven\u00e7\u00e3o de Intrus\u00f5es.<\/p>\n\n\n\n<p>Nesta segunda parte, vamos <a href=\"https:\/\/helpsysadmin.com.br\/blog\/configurar-login-automatico-phpmyadmin\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"Como Configurar Login Autom\u00e1tico no phpMyAdmin via DirectAdmin\">configurar<\/a> o monitoramento de for\u00e7a bruta do pr\u00f3prio painel, implementar um Firewall de Aplica\u00e7\u00e3o Web (WAF) e estabelecer varreduras contra malwares.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-5-configuracao-do-brute-force-monitor-bfm-nativo\">5. Configura\u00e7\u00e3o do Brute Force Monitor (BFM) Nativo<\/h3>\n\n\n\n<p>O DirectAdmin possui um recurso nativo incrivelmente poderoso chamado <strong>Brute Force Monitor (BFM)<\/strong>. Ele analisa os logs do painel, do servidor de e-mail (Exim\/Dovecot), do FTP (ProFTPd\/Pure-FTPd) e do SSH em busca de repetidas falhas de login.<\/p>\n\n\n\n<p>Apenas ativar o BFM n\u00e3o bloqueia os atacantes; ele apenas os detecta e alerta o administrador. Para <strong>proteger DirectAdmin<\/strong> de forma automatizada, precisamos integrar o BFM com o firewall CSF que instalamos na Parte 1.<\/p>\n\n\n\n<p><strong>5.1. Ativando o BFM no Painel<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Acesse o DirectAdmin como administrador (<code>Admin Level<\/code>).<\/li>\n\n\n\n<li>V\u00e1 em <strong>Administrator Settings<\/strong> (Configura\u00e7\u00f5es do Administrador) -&gt; <strong>Security<\/strong> (Seguran\u00e7a).<\/li>\n\n\n\n<li>Certifique-se de que a op\u00e7\u00e3o &#8220;Enable Brute Force Monitor&#8221; esteja ativada. Verifique se Brute force log scanner &gt;&gt; Enable brute force log scanner est\u00e1 ativada.<\/li>\n\n\n\n<li>Ajuste o n\u00famero de tentativas de login falhas para um valor baixo, como 10 ou 20, antes que o IP seja notificado.<\/li>\n<\/ul>\n\n\n\n<p><strong>5.2. Integrando o BFM com o CSF<\/strong> Para que o CSF bloqueie automaticamente os IPs detectados pelo BFM, precisamos usar os scripts oficiais fornecidos pela comunidade do DirectAdmin. Execute no terminal SSH como root:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>cd \/usr\/local\/directadmin\/scripts\/custom\nwget https:\/\/raw.githubusercontent.com\/poralix\/directadmin-bfm-csf\/master\/block_ip.sh\nwget https:\/\/raw.githubusercontent.com\/poralix\/directadmin-bfm-csf\/master\/unblock_ip.sh\nchmod 700 block_ip.sh unblock_ip.sh<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9\">cd<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">scripts<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">custom<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">wget<\/span><span style=\"color: #D8DEE9FF\"> https<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #616E88\">\/\/raw.githubusercontent.com\/poralix\/directadmin-bfm-csf\/master\/block_ip.sh<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">wget<\/span><span style=\"color: #D8DEE9FF\"> https<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #616E88\">\/\/raw.githubusercontent.com\/poralix\/directadmin-bfm-csf\/master\/unblock_ip.sh<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">chmod<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #B48EAD\">700<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">block_ip<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9\">sh<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">unblock_ip<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9\">sh<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n\n\n<p>A partir desse momento, qualquer bot que tentar adivinhar a senha de um e-mail hospedado no seu servidor ser\u00e1 sumariamente banido no firewall pelo script <code>block_ip.sh<\/code>. Essa \u00e9 uma das configura\u00e7\u00f5es mais cr\u00edticas para <strong>proteger DirectAdmin<\/strong> contra o sequestro de contas.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-6-implementacao-de-web-application-firewall-waf-com-modsecurity\">6. Implementa\u00e7\u00e3o de Web Application Firewall (WAF) com ModSecurity<\/h3>\n\n\n\n<p>O firewall CSF bloqueia IPs e portas, mas n\u00e3o entende o conte\u00fado que passa pelo protocolo HTTP\/HTTPS. Se um hacker tentar injetar um c\u00f3digo SQL (SQL Injection) ou explorar uma falha no WordPress de um cliente atrav\u00e9s da porta 443, o CSF n\u00e3o far\u00e1 nada. \u00c9 aqui que entra o ModSecurity.<\/p>\n\n\n\n<p>O ModSecurity atua como um inspetor de bagagens. Ele analisa cada requisi\u00e7\u00e3o web e a compara com o conjunto de regras da OWASP (Open Web Application Security Project).<\/p>\n\n\n\n<p><strong>6.1. Instalando o ModSecurity via CustomBuild<\/strong> Mais uma vez, a ferramenta CustomBuild torna a tarefa de <strong>proteger DirectAdmin<\/strong> extremamente simples. Execute os comandos abaixo para compilar e ativar o ModSecurity:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>cd \/usr\/local\/directadmin\/custombuild\n.\/build set modsecurity yes\n.\/build set modsecurity_ruleset owasp\n.\/build modsecurity\n.\/build modsecurity_rules<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9\">cd<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">custombuild<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">set<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">modsecurity<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">yes<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">set<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">modsecurity_ruleset<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">owasp<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">modsecurity<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">modsecurity_rules<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n\n\n<p><strong>6.2. Ajuste Fino e Falsos Positivos<\/strong> Ap\u00f3s a instala\u00e7\u00e3o, o ModSecurity pode bloquear algumas a\u00e7\u00f5es leg\u00edtimas de usu\u00e1rios (falsos positivos), especialmente em pain\u00e9is administrativos de CMS como o WordPress.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>O DirectAdmin possui uma interface visual para gerenciar o ModSecurity em <strong>Server Manager<\/strong> -&gt; <strong>ModSecurity<\/strong>.<\/li>\n\n\n\n<li>Se um cliente relatar erro 403 (Forbidden) ao salvar um post, voc\u00ea pode acessar essa interface, localizar a regra que bloqueou a a\u00e7\u00e3o pelo IP do cliente e desativar aquela regra espec\u00edfica (ID da regra) apenas para o dom\u00ednio em quest\u00e3o.<\/li>\n<\/ul>\n\n\n\n<p>No Directadmin \u00e9 poss\u00edvel desativar uma regra atrav\u00e9s da conta admin no painel. Abaixo enviamos algumas regras que geram falso positivo e podem ser desativadas.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Acesse o directadmin utilizando sua conta admin.<\/li>\n\n\n\n<li>Clique em Gerenciamento do servidor &gt;&gt; Modsecurity<\/li>\n\n\n\n<li>clique no bot\u00e3o Default Configuration<\/li>\n\n\n\n<li>Abaixo do campo Excluded rules voc\u00ea ver\u00e1 ID da regra. Adicione a regra que deseja desativar e a seguir clique no bot\u00e3o Adicionar exclus\u00e3o. Clique no bot\u00e3o Salvar configura\u00e7\u00e3o. Abaixo enviamos algumas regras que geram falso positivos e podem ser desativadas.<\/li>\n<\/ul>\n\n\n\n<p>As IDS das regras que desejamos desativar s\u00e3o:<br>921130<br>941100<br>941160<br>920420<br>941130<br>941140<br>941180<br>941190<br>941250<br>941260<br>932370<br>942290<br>930130<br>933150<\/p>\n\n\n\n<p>Ap\u00f3s salvar as configura\u00e7\u00f5es, reinicie seu web server. Voc\u00ea pode fazer isso no painel DirectAdmin. Acesse Ferramentas &gt;&gt; System services e localize seu web server ao final da linha em \u2026 voc\u00ea ter\u00e1 a op\u00e7\u00e3o reiniciar.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-7-protecao-contra-malware-clamav-e-imunify360\">7. Prote\u00e7\u00e3o contra Malware (ClamAV e Imunify360)<\/h3>\n\n\n\n<p>Mesmo com um WAF, plugins vulner\u00e1veis podem permitir que cibercriminosos fa\u00e7am o upload de arquivos maliciosos (Web Shells, scripts de phishing) para dentro do servidor. Para <strong>proteger DirectAdmin<\/strong> contra infec\u00e7\u00f5es internas, a verifica\u00e7\u00e3o de malwares \u00e9 essencial.<\/p>\n\n\n\n<p><strong>7.1. A Abordagem Gratuita: ClamAV<\/strong> O ClamAV \u00e9 um antiv\u00edrus de c\u00f3digo aberto que varre os arquivos do servidor e analisa e-mails em busca de v\u00edrus. Instal\u00e1-lo no DirectAdmin \u00e9 r\u00e1pido:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>cd \/usr\/local\/directadmin\/custombuild\n.\/build set clamav yes\n.\/build clamav<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9\">cd<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">custombuild<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">set<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">clamav<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">yes<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">clamav<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n\n\n<p>Isso adicionar\u00e1 uma camada de prote\u00e7\u00e3o aos e-mails. Para varrer os arquivos dos sites, voc\u00ea precisar\u00e1 configurar tarefas Cron (cronjobs) que executem o comando <code>clamscan<\/code> nos diret\u00f3rios <code>\/home\/<\/code>.<\/p>\n\n\n\n<p><strong>7.2. A Abordagem Profissional Premium: Imunify360 ou ImunifyAV<\/strong> Se voc\u00ea hospeda sites comerciais ou possui muitos clientes, depender apenas do ClamAV pode n\u00e3o ser suficiente. A solu\u00e7\u00e3o padr\u00e3o da ind\u00fastria hoje para <strong>proteger DirectAdmin<\/strong> \u00e9 o Imunify360 (pago) ou o ImunifyAV (vers\u00e3o gratuita de varredura).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>O ImunifyAV Pro se integra ao painel do DirectAdmin e varre ativamente todos os arquivos em busca de inje\u00e7\u00f5es de c\u00f3digo malicioso em arquivos PHP e JavaScript.<\/li>\n\n\n\n<li>O Imunify360 vai al\u00e9m: ele limpa os malwares automaticamente, possui um WAF proativo impulsionado por IA e substitui a necessidade de gerenciar o ModSecurity manualmente.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-parte-3\">Parte 3<\/h2>\n\n\n\n<p>At\u00e9 agora, configuramos barreiras de rede, firewalls e defesas ativas. No entanto, a principal porta de entrada para invas\u00f5es em servidores de hospedagem n\u00e3o \u00e9 o sistema operacional em si, mas as aplica\u00e7\u00f5es web rodando nele, especialmente scripts em PHP. Para <strong>proteger DirectAdmin<\/strong> de forma integral, precisamos isolar os ambientes dos usu\u00e1rios e endurecer as configura\u00e7\u00f5es do servidor web e do banco de dados.<\/p>\n\n\n\n<p>Nesta terceira parte, aplicaremos o conceito de privil\u00e9gio m\u00ednimo: garantir que um site comprometido n\u00e3o consiga afetar outros sites no mesmo servidor.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-8-hardening-e-seguranca-no-php\">8. Hardening e Seguran\u00e7a no PHP<\/h3>\n\n\n\n<p>O PHP \u00e9 a linguagem por tr\u00e1s de gerenciadores de conte\u00fado populares como WordPress, Joomla e Magento. Por padr\u00e3o, o PHP possui fun\u00e7\u00f5es poderosas que permitem interagir diretamente com o sistema operacional do servidor. Se um hacker faz upload de um script malicioso (Web Shell), ele usar\u00e1 essas fun\u00e7\u00f5es para assumir o controle da m\u00e1quina.<\/p>\n\n\n\n<p>Para <strong>proteger DirectAdmin<\/strong>, voc\u00ea deve restringir o que o PHP pode fazer.<\/p>\n\n\n\n<p><strong>8.1. Desativar Fun\u00e7\u00f5es Perigosas (disable_functions)<\/strong><\/p>\n\n\n\n<p>O DirectAdmin permite configurar o PHP de forma global e por dom\u00ednio. No CustomBuild, voc\u00ea pode definir um arquivo gen\u00e9rico de seguran\u00e7a. Edite o arquivo <code>\/usr\/local\/phpXX\/lib\/php.ini<\/code> (o caminho exato pode variar conforme a vers\u00e3o do PHP instalada, substitura XX pela vers\u00e3o do php) e localize a diretiva <code>disable_functions<\/code>.<\/p>\n\n\n\n<p>Adicione as seguintes fun\u00e7\u00f5es \u00e0 lista para bloquear a execu\u00e7\u00e3o de comandos no n\u00edvel do sistema:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>disable_functions = exec, system, passthru, shell_exec, escapeshellarg, escapeshellcmd, proc_close, proc_open, dl, popen, show_source<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9\">disable_functions<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">exec<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">system<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">passthru<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">shell_exec<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">escapeshellarg<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">escapeshellcmd<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">proc_close<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">proc_open<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">dl<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">popen<\/span><span style=\"color: #ECEFF4\">,<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">show_source<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>8.2. Isolamento de Diret\u00f3rios (open_basedir)<\/strong><\/p>\n\n\n\n<p>A diretiva <code>open_basedir<\/code> restringe os scripts PHP de acessarem arquivos fora do diret\u00f3rio base do site do usu\u00e1rio (geralmente <code>\/home\/usuario\/domains\/dominio.com\/public_html<\/code>). Isso impede que um script malicioso leia arquivos de configura\u00e7\u00e3o do servidor ou dados de outros clientes. No DirectAdmin, o <code>open_basedir<\/code> geralmente \u00e9 ativado por padr\u00e3o durante a cria\u00e7\u00e3o da conta, mas verifique as configura\u00e7\u00f5es em <strong>Gerenciador de Servidor<\/strong> -&gt; <strong>Configura\u00e7\u00f4es do PHP<\/strong> para garantir que esteja for\u00e7ado globalmente.<\/p>\n\n\n\n<p><strong>8.3. Limites de Recursos<\/strong><\/p>\n\n\n\n<p>Evite que um script mal constru\u00eddo ou um ataque de nega\u00e7\u00e3o de servi\u00e7o (DoS) na camada de aplica\u00e7\u00e3o esgote a mem\u00f3ria do servidor. Ajuste os seguintes valores no <code>php.ini<\/code>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>memory_limit = 256M<\/code> (Aumente apenas para sites espec\u00edficos que realmente necessitem).<\/li>\n\n\n\n<li><code>max_execution_time = 60<\/code> (Impede que scripts rodem infinitamente).<\/li>\n\n\n\n<li><code>expose_php = Off<\/code> (Oculta a vers\u00e3o do PHP nos cabe\u00e7alhos HTTP, dificultando o trabalho de bots que buscam vulnerabilidades espec\u00edficas de vers\u00e3o).<\/li>\n<\/ul>\n\n\n\n<p>O CSF \u00e9 amplamente utilizado para prote\u00e7\u00e3o de servidores Linux. Confira o guia completo de <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/csf-firewall-directadmin\/\">CSF Firewall no DirectAdmin<\/a><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-9-otimizacao-e-protecao-do-servidor-web\">9. Otimiza\u00e7\u00e3o e Prote\u00e7\u00e3o do Servidor Web<\/h3>\n\n\n\n<p>O servidor web \u00e9 a face p\u00fablica do seu servidor. O DirectAdmin suporta v\u00e1rias op\u00e7\u00f5es atrav\u00e9s do CustomBuild. A escolha do servidor web impacta diretamente na performance e nas ferramentas de seguran\u00e7a dispon\u00edveis.<\/p>\n\n\n\n<p><strong>Comparativo R\u00e1pido de Servidores Web no DirectAdmin:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td><strong>Servidor Web<\/strong><\/td><td><strong>Foco Principal<\/strong><\/td><td><strong>Compatibilidade com WAF<\/strong><\/td><td><strong>Isolamento<\/strong><\/td><\/tr><\/thead><tbody><tr><td><strong>Apache<\/strong><\/td><td>Estabilidade e compatibilidade legada<\/td><td>Excelente (ModSecurity nativo)<\/td><td>Alto (usando PHP-FPM)<\/td><\/tr><tr><td><strong>Nginx<\/strong><\/td><td>Alta performance e tr\u00e1fego massivo<\/td><td>Bom <\/td><td>Alto<\/td><\/tr><tr><td><strong>OpenLiteSpeed\/Litespeed<\/strong><\/td><td>Performance extrema para PHP\/WordPress<\/td><td>Excelente <\/td><td>Alt\u00edssimo<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Independentemente do servidor web escolhido para <strong>proteger DirectAdmin<\/strong>, aplique estas duas regras universais:<\/p>\n\n\n\n<p><strong>9.1. Ocultar Assinaturas do Servidor<\/strong><\/p>\n\n\n\n<p>N\u00e3o revele qual software ou vers\u00e3o voc\u00ea est\u00e1 usando. No Apache, por exemplo, edite o arquivo <code>\/etc\/httpd\/conf\/extra\/httpd-default.conf<\/code>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ServerSignature Off<\/code><\/li>\n\n\n\n<li><code>ServerTokens Prod<\/code><\/li>\n<\/ul>\n\n\n\n<p><strong>9.2. Prevenir Listagem de Diret\u00f3rios<\/strong><\/p>\n\n\n\n<p>Se um diret\u00f3rio n\u00e3o tiver um arquivo <code>index.php<\/code> ou <code>index.html<\/code>, o servidor web pode listar todos os arquivos contidos nele, expondo dados sens\u00edveis. Desative isso garantindo que a diretriz <code>Options -Indexes<\/code> esteja configurada globalmente nas configura\u00e7\u00f5es do seu servidor web.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-10-seguranca-do-servidor-mysql-mariadb\">10. Seguran\u00e7a do Servidor MySQL\/MariaDB<\/h3>\n\n\n\n<p>Bancos de dados cont\u00eam as informa\u00e7\u00f5es mais valiosas dos seus clientes: senhas criptografadas, dados pessoais e conte\u00fado dos sites. Um banco de dados mal configurado \u00e9 um risco cr\u00edtico.<\/p>\n\n\n\n<p>Para <strong>proteger DirectAdmin<\/strong> e seus dados, o servi\u00e7o de banco de dados deve ser invis\u00edvel para o mundo exterior.<\/p>\n\n\n\n<p><strong>10.1. Desativar Acesso Externo (Bind Address)<\/strong><\/p>\n\n\n\n<p>Por padr\u00e3o, o MySQL\/MariaDB n\u00e3o deve aceitar conex\u00f5es vindas da internet, apenas do pr\u00f3prio servidor (localhost). Edite o arquivo de configura\u00e7\u00e3o (geralmente <code>\/etc\/my.cnf<\/code> ou <code>\/etc\/my.cnf.d\/server.cnf<\/code>) e adicione ou modifique a seguinte linha na se\u00e7\u00e3o <code>[mysqld]<\/code>:<\/p>\n\n\n\n<p><code>bind-address = 127.0.0.1<\/code><\/p>\n\n\n\n<p>Reinicie o servi\u00e7o: <code>systemctl restart mysqld<\/code> <strong>ou<\/strong> <code>systemctl restart mariadb<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-parte-4\">Parte 4<\/h2>\n\n\n\n<p>Chegamos \u00e0 \u00faltima camada da nossa estrat\u00e9gia de <em>Defense in Depth<\/em> (Defesa em Profundidade). Nas partes anteriores, blindamos o sistema operacional, configuramos firewalls de rede e de aplica\u00e7\u00e3o, e restringimos o PHP e o banco de dados. Contudo, para <strong>proteger DirectAdmin<\/strong> em sua totalidade, precisamos assumir que senhas podem vazar e que desastres (como falhas de hardware ou ransomwares de dia zero) podem ocorrer.<\/p>\n\n\n\n<p>Nesta quarta parte, vamos implementar a Autentica\u00e7\u00e3o de Dois Fatores (2FA), for\u00e7ar conex\u00f5es criptografadas modernas, estruturar backups remotos e estabelecer uma rotina de auditoria.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-11-implementacao-de-2fa-autenticacao-de-dois-fatores-no-painel\">11. Implementa\u00e7\u00e3o de 2FA (Autentica\u00e7\u00e3o de Dois Fatores) no Painel<\/h3>\n\n\n\n<p>O roubo de credenciais (phishing, keyloggers ou vazamento de senhas) anula qualquer firewall. Se um atacante descobrir a senha do seu usu\u00e1rio <code>admin<\/code>, ele ter\u00e1 controle total. Portanto, uma das medidas mais eficazes para <strong>proteger DirectAdmin<\/strong> \u00e9 exigir um segundo fator de autentica\u00e7\u00e3o.<\/p>\n\n\n\n<p>O DirectAdmin possui suporte nativo ao 2FA baseado em TOTP (Time-based One-Time Password), compat\u00edvel com aplicativos como Google Authenticator, Authy, Proton Authenticator.<\/p>\n\n\n\n<p><strong>11.1. Ativando o 2FA Globalmente<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Acesse o DirectAdmin como administrador.<\/li>\n\n\n\n<li>Navegue at\u00e9 a parte superior a esquerda e clique em Perfil do usu\u00e1rio.<\/li>\n\n\n\n<li>Procure a op\u00e7\u00e3o &#8220;Autentica\u00e7\u00e3o de dois fatores&#8221; e ative-a com Google Authenticator ou Proton Authenticator.<\/li>\n\n\n\n<li>Escaneie o QR Code com o seu aplicativo autenticador.<\/li>\n\n\n\n<li>Insira o c\u00f3digo gerado e salve os c\u00f3digos de recupera\u00e7\u00e3o (scratch codes) em um local extremamente seguro e offline. Sem eles, se voc\u00ea perder o celular, perder\u00e1 o acesso ao painel.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-12-forcando-ssl-tls-e-configuracoes-de-criptografia-modernas\">12. For\u00e7ando SSL\/TLS e Configura\u00e7\u00f5es de Criptografia Modernas<\/h3>\n\n\n\n<p>Quando pensamos em <strong>proteger DirectAdmin<\/strong>, n\u00e3o podemos esquecer dos dados em tr\u00e2nsito. O acesso ao painel (porta 2222) e aos sites dos clientes deve ser feito exclusivamente via HTTPS. O uso de HTTP exp\u00f5e senhas e cookies de sess\u00e3o em texto plano na rede.<\/p>\n\n\n\n<p><strong>12.1. Protegendo o Painel na Porta 2222 com Let&#8217;s Encrypt<\/strong> Use os seguintes comandos no terminal SSH (como root) para gerar um certificado SSL gratuito e v\u00e1lido para o hostname do seu servidor:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\/usr\/local\/directadmin\/scripts\/letsencrypt.sh server_cert<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">scripts<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">letsencrypt<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9\">sh<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">server_cert<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n\n\n<p>Ap\u00f3s gerar o certificado, force o redirecionamento autom\u00e1tico configurando o arquivo <code>directadmin.conf<\/code>:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\/usr\/local\/directadmin\/directadmin set ssl 1\n\/usr\/local\/directadmin\/directadmin set force_hostname seu-hostname.com\n\/usr\/local\/directadmin\/directadmin set ssl_redirect_host seu-hostname.com\nsystemctl restart directadmin<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">set<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">ssl<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #B48EAD\">1<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">set<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">force_hostname<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">seu<\/span><span style=\"color: #81A1C1\">-<\/span><span style=\"color: #D8DEE9\">hostname<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9\">com<\/span><\/span>\n<span class=\"line\"><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">set<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">ssl_redirect_host<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">seu<\/span><span style=\"color: #81A1C1\">-<\/span><span style=\"color: #D8DEE9\">hostname<\/span><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #D8DEE9\">com<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D8DEE9\">systemctl<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">restart<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">directadmin<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n\n\n<p><strong>12.2. Desativando Protocolos Obsoletos (TLS 1.0 e 1.1)<\/strong> Protocolos de criptografia antigos possuem falhas conhecidas. Para <strong>proteger DirectAdmin<\/strong> contra ataques de intercepta\u00e7\u00e3o (Man-in-the-Middle), force o uso do TLS 1.2 e TLS 1.3. O CustomBuild facilita isso:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>cd \/usr\/local\/directadmin\/custombuild\n.\/build set ssl_configuration modern\n.\/build rewrite_confs<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9\">cd<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">custombuild<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">set<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">ssl_configuration<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">modern<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">rewrite_confs<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-13-estrategias-de-backup-remoto-e-imutavel\">13. Estrat\u00e9gias de Backup Remoto e Imut\u00e1vel<\/h3>\n\n\n\n<p>Seja por uma falha catastr\u00f3fica ou por um ataque de Ransomware, a \u00faltima linha de defesa para <strong>proteger DirectAdmin<\/strong> \u00e9 ter um backup limpo, atualizado e inacess\u00edvel pelo pr\u00f3prio servidor comprometido.<\/p>\n\n\n\n<p><strong>13.1. Configurando o Admin Backup and Restore.<\/strong> O DirectAdmin possui uma ferramenta fant\u00e1stica chamada <em>Admin Backup and Restore<\/em>. Ela permite criar pacotes completos de usu\u00e1rios (arquivos, bancos de dados, e-mails, zonas DNS).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Acesse <strong>Admin Tools<\/strong> -&gt; <strong>Admin Backup and Restore<\/strong>.<\/li>\n\n\n\n<li>Programe uma rotina (Cron) di\u00e1ria durante a madrugada (ex: 03:00 AM).<\/li>\n\n\n\n<li><strong>O Segredo:<\/strong> Nunca salve os backups apenas no disco local. Configure o <em>Step 3 (Destination)<\/em> para enviar via FTP para um servidor de storage remoto externo.<\/li>\n<\/ul>\n\n\n\n<p><strong>13.2. A Import\u00e2ncia de Backups Imut\u00e1veis<\/strong> Se o seu servidor for invadido por um ransomware e o atacante obtiver privil\u00e9gios de root, ele poder\u00e1 acessar a conta de FTP remota e deletar seus backups. Para resolver isso, o servidor de destino (storage) deve estar configurado para reten\u00e7\u00e3o imut\u00e1vel (append-only) ou possuir snapshots independentes que o seu servidor DirectAdmin n\u00e3o tenha permiss\u00e3o para apagar.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-14-monitoramento-de-logs-e-auditoria-continua\">14. Monitoramento de Logs e Auditoria Cont\u00ednua<\/h3>\n\n\n\n<p>A seguran\u00e7a n\u00e3o \u00e9 um estado, \u00e9 um processo. Saber como <strong>proteger DirectAdmin<\/strong> de forma cont\u00ednua exige monitoramento proativo.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Logwatch:<\/strong> Instale o Logwatch no servidor Linux (<code>yum install logwatch<\/code> ou <code>apt install logwatch<\/code>). Ele analisa os logs do sistema diariamente e envia um resumo por e-mail para o administrador, destacando erros no disco, logins falhos e uso de sudo.<\/li>\n\n\n\n<li><strong>Message System do DirectAdmin:<\/strong> Preste aten\u00e7\u00e3o \u00e0s mensagens enviadas pelo pr\u00f3prio painel. Ele avisa automaticamente sobre contas enviando spam, servi\u00e7os travados e limites de disco atingidos.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-15-ativar-dkim-no-servidor-directadmin\">15. Ativar DKIM no servidor DirectAdmin.<\/h3>\n\n\n\n<p><strong>Ativar DKIM:<\/strong><\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>cd \/usr\/local\/directadmin\n.\/directadmin config-set dkim 1<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9\">cd<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">config<\/span><span style=\"color: #81A1C1\">-<\/span><span style=\"color: #D8DEE9\">set<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">dkim<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #B48EAD\">1<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n\n\n<p><strong>Ative-o nas configura\u00e7\u00f5es exim:<\/strong><\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly> cd \/usr\/local\/directadmin\/custombuild\n.\/build update\n.\/build exim\n.\/build eximconf<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">cd<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">usr<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">local<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">directadmin<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">custombuild<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">update<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">exim<\/span><\/span>\n<span class=\"line\"><span style=\"color: #ECEFF4\">.<\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">build<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #D8DEE9\">eximconf<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n\n\n<p>Usar <strong>dkim = 1<\/strong> significa que ele ser\u00e1 ativado imediatamente quando um dom\u00ednio for criado no sistema.<br>Se DNS externo for usado(como cloudflare por exemplo), os registros DKIM TXT dever\u00e3o ser copiados para o DNS remoto; caso contr\u00e1rio, os emails de sa\u00edda ser\u00e3o assinados, mas falhar\u00e3o, pois as verifica\u00e7\u00f5es de DNS falhar\u00e3o, o que \u00e9 realmente muito pior do que n\u00e3o ter DKIM.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-16-seguranca-de-dns-e-e-mail\">16. Seguran\u00e7a de DNS e E-mail<\/h2>\n\n\n\n<p>Um servidor seguro tamb\u00e9m protege a reputa\u00e7\u00e3o do seu IP.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DNSSEC:<\/strong> Ative o DNSSEC no DirectAdmin para evitar o sequestro de DNS (DNS Spoofing).\n<ul class=\"wp-block-list\">\n<li><em><strong>Comando:<\/strong><\/em> <\/li>\n\n\n\n<li>cd \/usr\/local\/directadmin<\/li>\n\n\n\n<li><code>.\/directadmin set dnssec 1<\/code><\/li>\n\n\n\n<li><strong>EasySpamFighter (ESF):<\/strong><\/li>\n\n\n\n<li>cd \/usr\/local\/directadmin\/custombuild<\/li>\n\n\n\n<li><code>.\/build set eximconf yes <\/code><\/li>\n\n\n\n<li><code>.\/build set eximconf_release 4.5 <\/code><\/li>\n\n\n\n<li><code>.\/build set blockcracking yes <\/code><\/li>\n\n\n\n<li><code>.\/build set easy_spam_fighter yes <\/code><\/li>\n\n\n\n<li><code>.\/build eximconf <\/code>Isso for\u00e7a verifica\u00e7\u00f5es rigorosas de <strong>SPF, DKIM e DMARC<\/strong>, impedindo que seu servidor receba ou envie e-mails falsificados.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-17-permissoes-e-seguranca-de-arquivos\">17. Permiss\u00f5es e seguran\u00e7a de arquivos<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd0d Encontrar arquivos perigosos:<\/h3>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>find \/home -type f -perm 777<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9\">find<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">\/<\/span><span style=\"color: #D8DEE9\">home<\/span><span style=\"color: #D8DEE9FF\"> <\/span><span style=\"color: #81A1C1\">-type<\/span><span style=\"color: #D8DEE9FF\"> f -perm 777<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<pre class=\"wp-block-preformatted\"><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udd12 Corrigir:<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\">chmod 644 arquivos<br>chmod 755 diret\u00f3rios<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-18-protecao-externa-altamente-recomendado\">\ud83c\udf0d 18. Prote\u00e7\u00e3o Externa (ALTAMENTE RECOMENDADO)<\/h2>\n\n\n\n<p>Use:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloudflare (WAF + CDN)<\/li>\n\n\n\n<li>prote\u00e7\u00e3o DDoS<\/li>\n\n\n\n<li>rate limit global<\/li>\n\n\n\n<li>bloqueio por pa\u00eds<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-19-ataques-reais-mais-comuns\">\u26a0\ufe0f 19. Ataques reais mais comuns<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd34 Brute force DirectAdmin<\/h4>\n\n\n\n<p>\u2192 solu\u00e7\u00e3o: CSF + Login Keys<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd34 WordPress vulner\u00e1vel<\/h4>\n\n\n\n<p>\u2192 solu\u00e7\u00e3o: WAF + atualiza\u00e7\u00e3o<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd34 SMTP abuse<\/h4>\n\n\n\n<p>\u2192 solu\u00e7\u00e3o: limite + monitoramento<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd34 SSH attack<\/h4>\n\n\n\n<p>\u2192 solu\u00e7\u00e3o: chave + bloqueio<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd34 Webshell upload<\/h4>\n\n\n\n<p>\u2192 solu\u00e7\u00e3o: permiss\u00f5es + WAF<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u2705 CHECKLIST PROFISSIONAL<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSH com chave e sem root<\/li>\n\n\n\n<li>CSF configurado corretamente<\/li>\n\n\n\n<li>ModSecurity ativo<\/li>\n\n\n\n<li>DirectAdmin com login keys<\/li>\n\n\n\n<li>Senhas fortes<\/li>\n\n\n\n<li>WordPress protegido<\/li>\n\n\n\n<li>SMTP limitado<\/li>\n\n\n\n<li>Logs monitorados<\/li>\n\n\n\n<li>Backup externo<\/li>\n\n\n\n<li>portas revisadas<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\ude80 CONCLUS\u00c3O (VIS\u00c3O REAL DE PRODU\u00c7\u00c3O)<\/h2>\n\n\n\n<p>Seguran\u00e7a no DirectAdmin n\u00e3o \u00e9 plugin nem configura\u00e7\u00e3o \u00fanica.<\/p>\n\n\n\n<p>\u00c9:<\/p>\n\n\n\n<p>\u2714 disciplina<br>\u2714 monitoramento<br>\u2714 atualiza\u00e7\u00e3o constante<br>\u2714 arquitetura em camadas<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>O erro mais comum n\u00e3o \u00e9 \u201cn\u00e3o saber configurar\u201d<br>\u00c9 achar que j\u00e1 est\u00e1 seguro.<\/p>\n<\/blockquote>\n\n\n\n<p>Proteger o servidor \u00e9 um processo cont\u00ednuo. Para aprofundar sua administra\u00e7\u00e3o e seguran\u00e7a, consulte o <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/guia-completo-directadmin-administradores\/\">DirectAdmin para administradores<\/a><\/strong>.<\/p>\n\n\n\n<p>Para refor\u00e7ar a seguran\u00e7a do servidor, \u00e9 essencial utilizar firewall. Veja como aplicar <a href=\"https:\/\/helpsysadmin.com.br\/blog\/csf-firewall-directadmin\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>prote\u00e7\u00e3o com CSF no DirectAdmin<\/strong><\/a>.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-faq\">FAQ<\/h3>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1774913941360\"><strong class=\"schema-faq-question\">Como proteger DirectAdmin contra ataques de for\u00e7a bruta?<\/strong> <p class=\"schema-faq-answer\">Use CSF\/LFD, limite tentativas, Login Keys e autentica\u00e7\u00e3o forte.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1774913965541\"><strong class=\"schema-faq-question\">Qual o maior risco em servidores DirectAdmin?<\/strong> <p class=\"schema-faq-answer\">WordPress vulner\u00e1vel e credenciais fracas.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1774913975699\"><strong class=\"schema-faq-question\">CSF \u00e9 suficiente?<\/strong> <p class=\"schema-faq-answer\">N\u00e3o. Deve ser combinado com WAF, <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/ssh-seguro-alem-da-porta\/\">SSH hardening clique aqui<\/a><\/strong> e monitoramento.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1774914001028\"><strong class=\"schema-faq-question\">Vale usar Cloudflare?<\/strong> <p class=\"schema-faq-answer\">Sim, reduz ataques antes de chegar ao servidor.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1774915512646\"><strong class=\"schema-faq-question\">Qual a melhor forma de proteger DirectAdmin contra ataques?<\/strong> <p class=\"schema-faq-answer\">A melhor forma de proteger DirectAdmin contra ataques \u00e9 aplicar seguran\u00e7a em camadas: firewall, SSH seguro, WAF, atualiza\u00e7\u00f5es e monitoramento.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1774915524910\"><strong class=\"schema-faq-question\">O CSF realmente ajuda a proteger DirectAdmin contra ataques?<\/strong> <p class=\"schema-faq-answer\">Sim, o CSF \u00e9 uma das principais ferramentas para proteger DirectAdmin contra ataques, principalmente brute force e conex\u00f5es abusivas.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1774915545126\"><strong class=\"schema-faq-question\">WordPress pode comprometer a seguran\u00e7a do DirectAdmin?<\/strong> <p class=\"schema-faq-answer\">Sim. Um WordPress vulner\u00e1vel pode ser usado como porta de entrada, por isso proteger DirectAdmin contra ataques inclui proteger os sites hospedados.<\/p> <\/div> <\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-veja-mais\">Veja Mais:<\/h3>\n\n\n\n<p><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/guia-completo-directadmin-administradores\/\">Guia Completo do DirectAdmin para Administradores (Instala\u00e7\u00e3o, Seguran\u00e7a e Configura\u00e7\u00e3o)<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/habilitar-brotli-directadmin-nginx\/\">Como habilitar a compress\u00e3o Brotli no DirectAdmin com Nginx (Guia Completo)<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/instalar-redis-directadmin-guia-completo\/\">Como Instalar e Otimizar o Redis no DirectAdmin: Guia Definitivo 2026<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/configuracoes-php-fpm-directadmin\/\">Onde ficam as configura\u00e7\u00f5es PHP-FPM no DirectAdmin? (Guia 2026)<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-ativar-http3-directadmin-guia-completo\/\">Como Ativar o HTTP\/3 no DirectAdmin: Guia Completo 2026<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/directadmin-lento-diagnostico-solucao\/\">DirectAdmin Lento? Guia Definitivo de Diagn\u00f3stico e Otimiza\u00e7\u00e3o [2026]<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/csf-firewall-directadmin\/\">CSF Firewall no DirectAdmin: Como Configurar<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/migracao-de-contas-directadmin-guia\/\" target=\"_blank\" rel=\"noreferrer noopener\">Migra\u00e7\u00e3o de Contas DirectAdmin: Guia Completo e Passo a Passo<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/otimizar-mariadb-directadmin\/\" target=\"_blank\" rel=\"noreferrer noopener\">Como Otimizar MariaDB no DirectAdmin (Guia Completo de Alta Performance)<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/otimizar-directadmin-alto-trafego\/\" target=\"_blank\" rel=\"noreferrer noopener\">Como Otimizar DirectAdmin para Alto Tr\u00e1fego (Guia Definitivo)<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/directadmin-vps-vs-servidor-dedicado\/\">DirectAdmin em VPS ou Servidor Dedicado: Qual a Melhor Escolha?<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/directadmin-em-cloud-vale-a-pena\/\">DirectAdmin em Cloud: Vale a Pena? O Guia Definitivo (2026)<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-reduzir-uso-cpu-directadmin\/\">Como Reduzir Uso de CPU no DirectAdmin: Guia Completo 2026<\/a><\/strong><br><a href=\"https:\/\/helpsysadmin.com.br\/blog\/migrar-directadmin-servidor-dedicado\/\"><strong>Como migrar DirectAdmin para dedicado? : Guia Completo e Seguro<\/strong><\/a><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/como-reduzir-o-ttfb-no-directadmin\/\">Como Reduzir o TTFB no DirectAdmin: Guia Definitivo (2026)<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/picos-de-trafego-directadmin\/\" target=\"_blank\" rel=\"noreferrer noopener\">Como Lidar com Picos de Tr\u00e1fego no DirectAdmin: Guia Definitivo<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/erro-503-directadmin-como-resolver\/\">Como Corrigir o Erro 503 no DirectAdmin: Guia Completo e Definitivo<\/a><\/strong><br><strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/otimizando-php-fpm-no-directadmin\/\">Otimizando PHP-FPM no DirectAdmin: Guia Completo para Performance<\/a><\/strong><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>O DirectAdmin \u00e9 um dos pain\u00e9is de controle de hospedagem web mais eficientes, leve e popular do mercado. No entanto, sua grande [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5103,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4193],"tags":[4053,1362,4045,4039,4049,4041,3585,4057,4043,4055,4047,3491,4059,4051],"class_list":["post-5077","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-paineis-de-hospedagem","tag-ataques-servidor-linux","tag-directadmin","tag-directadmin-seguranca","tag-firewall-csf","tag-firewall-csf-directadmin","tag-hardening-linux-5","tag-hospedagem-web","tag-modsecurity-directadmin","tag-prevencao-de-intrusoes","tag-proteger-painel-hospedagem","tag-proteger-servidor-linux","tag-seguranca-de-servidor","tag-seguranca-vps-2","tag-seguranca-wordpress-servidor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026<\/title>\n<meta name=\"description\" content=\"Aprenda como proteger DirectAdmin contra ataques com firewall, SSH seguro, WAF, monitoramento e hardening completo em servidores Linux.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026\" \/>\n<meta property=\"og:description\" content=\"Aprenda como proteger DirectAdmin contra ataques com firewall, SSH seguro, WAF, monitoramento e hardening completo em servidores Linux.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog HelpSysAdmin\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-30T23:50:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-28T01:55:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/03\/como_proteger_directadmin.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"HelpSysAdmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@brhelpsysad\" \/>\n<meta name=\"twitter:site\" content=\"@brhelpsysad\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/\"},\"author\":{\"name\":\"HelpSysAdmin\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/bdbe3d7d71a0c6a3cb474c18da574efb\"},\"headline\":\"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026\",\"datePublished\":\"2026-03-30T23:50:32+00:00\",\"dateModified\":\"2026-04-28T01:55:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/\"},\"wordCount\":3717,\"publisher\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/03\\/como_proteger_directadmin.webp\",\"keywords\":[\"ataques servidor linux\",\"DirectAdmin\",\"directadmin seguran\u00e7a\",\"Firewall CSF\",\"firewall csf directadmin\",\"Hardening Linux\",\"Hospedagem Web\",\"modsecurity directadmin\",\"Preven\u00e7\u00e3o de Intrus\u00f5es\",\"proteger painel hospedagem\",\"proteger servidor linux\",\"Seguran\u00e7a de Servidor\",\"seguran\u00e7a vps\",\"seguran\u00e7a wordpress servidor\"],\"articleSection\":[\"Pain\u00e9is de Hospedagem (Control Panels)\"],\"inLanguage\":\"pt-BR\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/\",\"name\":\"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/03\\/como_proteger_directadmin.webp\",\"datePublished\":\"2026-03-30T23:50:32+00:00\",\"dateModified\":\"2026-04-28T01:55:25+00:00\",\"description\":\"Aprenda como proteger DirectAdmin contra ataques com firewall, SSH seguro, WAF, monitoramento e hardening completo em servidores Linux.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913941360\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913965541\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913975699\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774914001028\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915512646\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915524910\"},{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915545126\"}],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#primaryimage\",\"url\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/03\\/como_proteger_directadmin.webp\",\"contentUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2026\\/03\\/como_proteger_directadmin.webp\",\"width\":1200,\"height\":800,\"caption\":\"como proteger directadmin\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\",\"name\":\"Blog HelpSysAdmin\",\"description\":\"Blog Gerenciamento de Servidor\",\"publisher\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\"},\"alternateName\":\"HelpSysAdmin Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#organization\",\"name\":\"HelpSysAdmin Gerenciamento de Servidores\",\"alternateName\":\"HelpSysAdmin\",\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\/\\/mlkpd8g42nae.i.optimole.com\\/w:512\\/h:512\\/q:mauto\\/f:best\\/https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2020\\/12\\/favicon.png\",\"contentUrl\":\"https:\\/\\/mlkpd8g42nae.i.optimole.com\\/w:512\\/h:512\\/q:mauto\\/f:best\\/https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/uploads\\/2020\\/12\\/favicon.png\",\"width\":512,\"height\":512,\"caption\":\"HelpSysAdmin Gerenciamento de Servidores\"},\"image\":{\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/brhelpsysad\",\"https:\\\/\\\/mastodon.social\\\/@helpsysadmin\"],\"description\":\"Oferecemos o gerenciamento de servidores dedicados, vps ou cloud. Apresentamos a melhor experi\u00eancia em atendimento e servi\u00e7o. Nosso time cuidar\u00e1 do seu servidor com backups, an\u00e1lises constantes, ajustes de seguran\u00e7a, realiza\u00e7\u00e3o de manuten\u00e7\u00e3o preventiva e corretiva, otimiza\u00e7\u00e3o de performance al\u00e9m de monitoramento 24\u00d77 com suporte Pr\u00f3 Ativo.\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"1\",\"maxValue\":\"10\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/#\\\/schema\\\/person\\\/bdbe3d7d71a0c6a3cb474c18da574efb\",\"name\":\"HelpSysAdmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/litespeed\\/avatar\\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777855383\",\"url\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/litespeed\\/avatar\\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777855383\",\"contentUrl\":\"https:\\/\\/helpsysadmin.com.br\\/blog\\/wp-content\\/litespeed\\/avatar\\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777855383\",\"caption\":\"HelpSysAdmin\"},\"sameAs\":[\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/\"]},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913941360\",\"position\":1,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913941360\",\"name\":\"Como proteger DirectAdmin contra ataques de for\u00e7a bruta?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Use CSF\\\/LFD, limite tentativas, Login Keys e autentica\u00e7\u00e3o forte.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913965541\",\"position\":2,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913965541\",\"name\":\"Qual o maior risco em servidores DirectAdmin?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"WordPress vulner\u00e1vel e credenciais fracas.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913975699\",\"position\":3,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774913975699\",\"name\":\"CSF \u00e9 suficiente?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"N\u00e3o. Deve ser combinado com WAF, <strong><a href=\\\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/ssh-seguro-alem-da-porta\\\/\\\">SSH hardening clique aqui<\\\/a><\\\/strong> e monitoramento.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774914001028\",\"position\":4,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774914001028\",\"name\":\"Vale usar Cloudflare?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Sim, reduz ataques antes de chegar ao servidor.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915512646\",\"position\":5,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915512646\",\"name\":\"Qual a melhor forma de proteger DirectAdmin contra ataques?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A melhor forma de proteger DirectAdmin contra ataques \u00e9 aplicar seguran\u00e7a em camadas: firewall, SSH seguro, WAF, atualiza\u00e7\u00f5es e monitoramento.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915524910\",\"position\":6,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915524910\",\"name\":\"O CSF realmente ajuda a proteger DirectAdmin contra ataques?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Sim, o CSF \u00e9 uma das principais ferramentas para proteger DirectAdmin contra ataques, principalmente brute force e conex\u00f5es abusivas.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"},{\"@type\":\"Question\",\"@id\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915545126\",\"position\":7,\"url\":\"https:\\\/\\\/helpsysadmin.com.br\\\/blog\\\/proteger-directadmin-contra-ataques\\\/#faq-question-1774915545126\",\"name\":\"WordPress pode comprometer a seguran\u00e7a do DirectAdmin?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Sim. Um WordPress vulner\u00e1vel pode ser usado como porta de entrada, por isso proteger DirectAdmin contra ataques inclui proteger os sites hospedados.\",\"inLanguage\":\"pt-BR\"},\"inLanguage\":\"pt-BR\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026","description":"Aprenda como proteger DirectAdmin contra ataques com firewall, SSH seguro, WAF, monitoramento e hardening completo em servidores Linux.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/","og_locale":"pt_BR","og_type":"article","og_title":"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026","og_description":"Aprenda como proteger DirectAdmin contra ataques com firewall, SSH seguro, WAF, monitoramento e hardening completo em servidores Linux.","og_url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/","og_site_name":"Blog HelpSysAdmin","article_published_time":"2026-03-30T23:50:32+00:00","article_modified_time":"2026-04-28T01:55:25+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/03\/como_proteger_directadmin.webp","type":"image\/webp"}],"author":"HelpSysAdmin","twitter_card":"summary_large_image","twitter_creator":"@brhelpsysad","twitter_site":"@brhelpsysad","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#article","isPartOf":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/"},"author":{"name":"HelpSysAdmin","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/person\/bdbe3d7d71a0c6a3cb474c18da574efb"},"headline":"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026","datePublished":"2026-03-30T23:50:32+00:00","dateModified":"2026-04-28T01:55:25+00:00","mainEntityOfPage":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/"},"wordCount":3717,"publisher":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#primaryimage"},"thumbnailUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/03\/como_proteger_directadmin.webp","keywords":["ataques servidor linux","DirectAdmin","directadmin seguran\u00e7a","Firewall CSF","firewall csf directadmin","Hardening Linux","Hospedagem Web","modsecurity directadmin","Preven\u00e7\u00e3o de Intrus\u00f5es","proteger painel hospedagem","proteger servidor linux","Seguran\u00e7a de Servidor","seguran\u00e7a vps","seguran\u00e7a wordpress servidor"],"articleSection":["Pain\u00e9is de Hospedagem (Control Panels)"],"inLanguage":"pt-BR"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/","url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/","name":"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026","isPartOf":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#primaryimage"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#primaryimage"},"thumbnailUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/03\/como_proteger_directadmin.webp","datePublished":"2026-03-30T23:50:32+00:00","dateModified":"2026-04-28T01:55:25+00:00","description":"Aprenda como proteger DirectAdmin contra ataques com firewall, SSH seguro, WAF, monitoramento e hardening completo em servidores Linux.","breadcrumb":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913941360"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913965541"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913975699"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774914001028"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915512646"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915524910"},{"@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915545126"}],"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#primaryimage","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/03\/como_proteger_directadmin.webp","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2026\/03\/como_proteger_directadmin.webp","width":1200,"height":800,"caption":"como proteger directadmin"},{"@type":"BreadcrumbList","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/helpsysadmin.com.br\/blog\/"},{"@type":"ListItem","position":2,"name":"Como Proteger DirectAdmin Contra Ataques: Guia Completo de Seguran\u00e7a 2026"}]},{"@type":"WebSite","@id":"https:\/\/helpsysadmin.com.br\/blog\/#website","url":"https:\/\/helpsysadmin.com.br\/blog\/","name":"Blog HelpSysAdmin","description":"Blog Gerenciamento de Servidor","publisher":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization"},"alternateName":"HelpSysAdmin Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/helpsysadmin.com.br\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/helpsysadmin.com.br\/blog\/#organization","name":"HelpSysAdmin Gerenciamento de Servidores","alternateName":"HelpSysAdmin","url":"https:\/\/helpsysadmin.com.br\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:512\/h:512\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2020\/12\/favicon.png","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:512\/h:512\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/uploads\/2020\/12\/favicon.png","width":512,"height":512,"caption":"HelpSysAdmin Gerenciamento de Servidores"},"image":{"@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/brhelpsysad","https:\/\/mastodon.social\/@helpsysadmin"],"description":"Oferecemos o gerenciamento de servidores dedicados, vps ou cloud. Apresentamos a melhor experi\u00eancia em atendimento e servi\u00e7o. Nosso time cuidar\u00e1 do seu servidor com backups, an\u00e1lises constantes, ajustes de seguran\u00e7a, realiza\u00e7\u00e3o de manuten\u00e7\u00e3o preventiva e corretiva, otimiza\u00e7\u00e3o de performance al\u00e9m de monitoramento 24\u00d77 com suporte Pr\u00f3 Ativo.","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"1","maxValue":"10"}},{"@type":"Person","@id":"https:\/\/helpsysadmin.com.br\/blog\/#\/schema\/person\/bdbe3d7d71a0c6a3cb474c18da574efb","name":"HelpSysAdmin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/litespeed\/avatar\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777855383","url":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/litespeed\/avatar\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777855383","contentUrl":"https:\/\/mlkpd8g42nae.i.optimole.com\/w:auto\/h:auto\/q:mauto\/f:best\/https:\/\/helpsysadmin.com.br\/blog\/wp-content\/litespeed\/avatar\/e587d5e97a45d2f6f29b0179adc1ebf4.jpg?ver=1777855383","caption":"HelpSysAdmin"},"sameAs":["https:\/\/helpsysadmin.com.br\/blog\/"]},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913941360","position":1,"url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913941360","name":"Como proteger DirectAdmin contra ataques de for\u00e7a bruta?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Use CSF\/LFD, limite tentativas, Login Keys e autentica\u00e7\u00e3o forte.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913965541","position":2,"url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913965541","name":"Qual o maior risco em servidores DirectAdmin?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"WordPress vulner\u00e1vel e credenciais fracas.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913975699","position":3,"url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774913975699","name":"CSF \u00e9 suficiente?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"N\u00e3o. Deve ser combinado com WAF, <strong><a href=\"https:\/\/helpsysadmin.com.br\/blog\/ssh-seguro-alem-da-porta\/\">SSH hardening clique aqui<\/a><\/strong> e monitoramento.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774914001028","position":4,"url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774914001028","name":"Vale usar Cloudflare?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Sim, reduz ataques antes de chegar ao servidor.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915512646","position":5,"url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915512646","name":"Qual a melhor forma de proteger DirectAdmin contra ataques?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"A melhor forma de proteger DirectAdmin contra ataques \u00e9 aplicar seguran\u00e7a em camadas: firewall, SSH seguro, WAF, atualiza\u00e7\u00f5es e monitoramento.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915524910","position":6,"url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915524910","name":"O CSF realmente ajuda a proteger DirectAdmin contra ataques?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Sim, o CSF \u00e9 uma das principais ferramentas para proteger DirectAdmin contra ataques, principalmente brute force e conex\u00f5es abusivas.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"},{"@type":"Question","@id":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915545126","position":7,"url":"https:\/\/helpsysadmin.com.br\/blog\/proteger-directadmin-contra-ataques\/#faq-question-1774915545126","name":"WordPress pode comprometer a seguran\u00e7a do DirectAdmin?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Sim. Um WordPress vulner\u00e1vel pode ser usado como porta de entrada, por isso proteger DirectAdmin contra ataques inclui proteger os sites hospedados.","inLanguage":"pt-BR"},"inLanguage":"pt-BR"}]}},"lang":"pt","translations":{"pt":5077},"pll_sync_post":{},"_links":{"self":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/5077","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/comments?post=5077"}],"version-history":[{"count":38,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/5077\/revisions"}],"predecessor-version":[{"id":6641,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/posts\/5077\/revisions\/6641"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/media\/5103"}],"wp:attachment":[{"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/media?parent=5077"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/categories?post=5077"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helpsysadmin.com.br\/blog\/wp-json\/wp\/v2\/tags?post=5077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}