Solved

Set login attempt limit for basic authentication

Posted on 2015-02-23
Last Modified: 2015-02-27
Hi,

Is it somehow possible to set a login attempt limit for basic authentication?
Right now bots can keep trying to log in forever. It would be nice if csf would block the IP after 10 attempts or something.
VPS with directadmin, csf installed.

Thanks!
Question by:peps03
12 Comments

Expert Comment

by:Kimputer
ID: 40625387
Follow this guide:
Fail2ban install on CSF / cPanel:
http://www.digitalfaq.com/guides/webhosting/install-fail2ban-cpanel-pt1.htm

You need this solution because Apache doesn't do rate limiting or any other anti-hammering protection.

If you move your authentication to a php based solution, you could use antihammer by corz.org (which I find more graceful, and no need to configure if installed as a plugin in Wordpress etc): http://corz.org/server/tools/anti-hammer/download.php
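
Added example, not from the thread or the linked guide: the check a fail2ban apache-auth jail performs, done by hand in shell so you can see which client an auto-block would fire on. The log lines are constructed for this example in the Apache 2.4 auth_basic error format; the threshold (3 failures) is an arbitrary choice.

```shell
#!/bin/sh
# Count Apache basic-auth failures per client IP and list the clients that
# reach a threshold. This is the same decision fail2ban's apache-auth filter
# makes before handing the address to the firewall (iptables or csf).

# Constructed sample error log (documentation IPs, not real clients).
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
[Mon Feb 23 10:00:01.000001 2015] [auth_basic:error] [pid 101] [client 203.0.113.5:50001] AH01617: user bob: authentication failure for "/admin": Password Mismatch
[Mon Feb 23 10:00:02.000001 2015] [auth_basic:error] [pid 101] [client 203.0.113.5:50002] AH01617: user bob: authentication failure for "/admin": Password Mismatch
[Mon Feb 23 10:00:03.000001 2015] [auth_basic:error] [pid 102] [client 203.0.113.5:50003] AH01618: user root not found: /admin
[Mon Feb 23 10:00:04.000001 2015] [auth_basic:error] [pid 102] [client 203.0.113.5:50004] AH01617: user admin: authentication failure for "/admin": Password Mismatch
[Mon Feb 23 10:00:05.000001 2015] [auth_basic:error] [pid 103] [client 198.51.100.7:50005] AH01617: user alice: authentication failure for "/admin": Password Mismatch
[Mon Feb 23 10:00:06.000001 2015] [core:error] [pid 103] [client 198.51.100.7:50006] AH00128: File does not exist: /var/www/html/favicon.ico
EOF

# Print "count ip" for every client with auth failures, most failures first.
# AH01617 = wrong password, AH01618 = unknown user; the port suffix on
# "[client ...]" is optional so Apache 2.2-style lines match as well.
auth_failures() {  # $1 = error log
    grep -E '\[auth_basic:error\].*AH0161[78]' "$1" \
      | sed -E 's/.*\[client ([0-9.]+)(:[0-9]+)?\].*/\1/' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Print only the IPs whose failure count is at or above the threshold.
offenders() {  # $1 = error log, $2 = threshold
    auth_failures "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

echo "clients to block (>= 3 failures):"
offenders "$LOG" 3
```

Only 203.0.113.5 crosses the threshold; the single failure from 198.51.100.7 and the unrelated core:error line are ignored, which is the behaviour you want before wiring the output into csf -d.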

Author Comment

by:peps03
ID: 40625463
Hi!
Thanks for your reply!

Does fail2ban also work well with DirectAdmin?
Can / should I use fail2ban and CSF together? Or choose between them?

Is it possible to install anti-hammer server wide?
I can't find any installation instructions.

Expert Comment

by:Kimputer
ID: 40625555
fail2ban is configured through SSH. It works together with CSF, provided you do the thinking and don't let them overlap (don't let fail2ban scan the Apache logs and let CSF do the same; include in one, exclude in the other).
Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent. Also, more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page

Author Comment

by:peps03
ID: 40625637
Thanks!

Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page

I meant for anti-hammer, the second thing you sent:
Is it possible to install anti-hammer server wide?
I can't find any installation instructions.

Expert Comment

by:Kimputer
ID: 40625686
Fail2ban does the anti-hammering handling. You should read more carefully; more info here:
http://www.fail2ban.org/wiki/index.php/Downloads

If you meant anti-hammer by corz.org, that's a PHP solution (which I already said before).
Author Comment

by:peps03
ID: 40627718
Yes, I meant the PHP solution by corz.org. But as it is a PHP solution, I assume it is site specific and not server wide.

What do you think of this script to auto block ips?
http://code.howto24.net/2012/09/25/how-to-block-brute-force-attack-automatically-in-directadmin/

Will it work / is it safe to try it?

Expert Comment

by:Kimputer
ID: 40627724
The PHP solution from corz.org is not server wide. It is implemented per site you have (put it on all php login pages).

The link you gave about brute force in directadmin is also not server wide, only watching for directadmin logins. But that doesn't mean it's not handy.
Author Comment

by:peps03
ID: 40627744
Doesn't it look server wide for hammering in all the DirectAdmin logs, via Brute Force monitor?

Could you explain this to me:


Create script /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:

#!/bin/sh
# DirectAdmin runs this hook with the offending address in the $value variable.
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
# Hand the address to the real blocking script as $ip and return its exit status.
ip=$value $SCRIPT
exit $?

What does this do?

Then chmod brute_force_notice_ip.sh to 700.

Expert Comment

by:Kimputer
ID: 40627826
It's documented that the brute force monitor only detects logins on port 2222.

The script just passes on the IP numbers to the real blocking script.
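
Added example, not the howto24 script and not DirectAdmin's or csf's own code: a defensive block_ip.sh for the hook chain above. It assumes the address arrives in $ip exactly as brute_force_notice_ip.sh passes it, and the CSF_CMD override is an assumption made here so the checks can be exercised without a csf install.

```shell
#!/bin/sh
# block_ip.sh: receive one address from the DirectAdmin brute-force hook,
# refuse anything that is not a plain IPv4 address or that would lock out
# the local network, then deny it with csf. CSF_CMD defaults to the real
# csf binary; point it at "echo" to dry-run (assumption for this example).
CSF_CMD=${CSF_CMD:-csf}

# Return 0 only for a well-formed dotted quad with every octet in 0..255.
# Rejecting anything else keeps shell metacharacters out of the csf command.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# Return 0 for addresses that must never be blocked: loopback, RFC 1918
# ranges and link-local, since a bad hit there can lock the admin out.
is_private() {
    case "$1" in
        127.*|10.*|192.168.*|169.254.*)         return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
        *)                                      return 1 ;;
    esac
}

# Validate one address and deny it; exit codes 2/3 mark refused input.
block_ip() {
    addr=$1
    valid_ipv4 "$addr" || { echo "refusing malformed address: $addr" >&2; return 2; }
    is_private "$addr" && { echo "refusing to block private address: $addr" >&2; return 3; }
    "$CSF_CMD" -d "$addr" "DirectAdmin brute force monitor"
}

# Entry point used by brute_force_notice_ip.sh: only act when $ip is set.
if [ -n "${ip:-}" ]; then
    block_ip "$ip"
fi
```

csf -d also appends the entry to csf.deny, so a permanent block accumulates there; pair it with csf.ignore entries for your own management addresses rather than relying on the private-range check alone.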

Author Comment

by:peps03
ID: 40627903
Yes, that was so in the past. See point 2: http://help.directadmin.com/item.php?id=404

Accepted Solution

by:Kimputer (earned 500 total points)
ID: 40627915
Okay, I see now. You can indeed go ahead and test this, but it still depends on a lot of factors. Just implement it as the documents say, and start testing with an external PC (simulate brute force: type in really fast, or press refresh in the browser).

Author Closing Comment

by:peps03
ID: 40635107
Thanks! It worked out!