The DirectAdmin control comes with the Brute Force Attack Monitor where it will block the attacker IP to accessing the control panel at port 2222.
If there’s a lot of failure login to access the control panel, the user IP will be blacklisted as well and it will released after certain time (depend on your configuration in the directadmin control panel).
In case, you like to remove the IP from blacklist immediately, you will need to
Step 1 : SSH to the server
Step 2 : Edit the file
vi /usr/local/directadmin/data/admin/ip_blacklist
save it and restart the DirectAdmin service
/etc/init.d/directadmin restart