Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Set login attempt limit for basic authentication

Posted on 2015-02-23
12
Medium Priority
?
190 Views
Last Modified: 2015-02-27
Hi,

Is it somehow possible to set a login attempt limit for basic authentication?
Now bots can keep on trying to login for ever. Would be nice if csf would block the ip after 10 attempts or something.
VPS with directadmin, csf installed.

Thanks!
0
Comment
Question by:peps03
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 36

Expert Comment

by:Kimputer
ID: 40625387
Follow this guide:
Fail2ban install on CFS / Cpanel:
http://www.digitalfaq.com/guides/webhosting/install-fail2ban-cpanel-pt1.htm

You need this solution because Apache doesn't do rate limiting or any other anti-hammering protection.

If you move your authentication to a php based solution, you could use antihammer by corz.org (which I find more graceful, and no need to configure if installed as a plugin in Wordpress etc): http://corz.org/server/tools/anti-hammer/download.php
0
 

Author Comment

by:peps03
ID: 40625463
Hi!
Thanks for your reply!

Does fail2ban also work well with DirectAdmin?
Can / should i use fail2ban and CSF together? Or choose between them?

Is it possible to install anti-hammer server wide?
I can't find any installation instructions.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 40625555
fail2ban is configured through ssh. It works with CSF together, provided you do the thinking and don't let it overlap (don't let fail2ban scan for apache logs, and let CSF do the same, include in one, exclude in the other).
Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:peps03
ID: 40625637
Thanks!

Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page

I meant for anti-hammer, the second thing you sent:
Is it possible to install anti-hammer server wide?
I can't find any installation instructions.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 40625686
Fail2ban does the anti-hammering handling. You should read more carefully, more info here:
http://www.fail2ban.org/wiki/index.php/Downloads

If you meant anti-hammer by corz.org, that's a PHP solution (which I already said before).
0
 

Author Comment

by:peps03
ID: 40627718
Yes, i meant the php solution by corz.org. But as it is a php solution i assume it is site specific and not server wide.

What do you think of this script to auto block ips?
http://code.howto24.net/2012/09/25/how-to-block-brute-force-attack-automatically-in-directadmin/

Will it work / is it safe to try it?
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 40627724
The PHP solution from corz.org is not server wide. It is implemented per site you have (put it on all php login pages).

The link you gave about brute force in directadmin is also not server wide, only watching for directadmin logins. But that doesn't mean it's not handy.
0
 

Author Comment

by:peps03
ID: 40627744
Doesn't it look server wide for hammering in all the DirectAdmin logs, via Brute Force monitor?

Could you explain this to me:


Create script  /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:

#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

What does this do?


Make chmod the brute_force_notice_ip.sh to 700.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 40627826
It's documented that the bruteforce monitor only detects logins on port 2222

The script just passes on the IP numbers to the real blocking script.
0
 

Author Comment

by:peps03
ID: 40627903
Yes, that was so in the past. See point 2: http://help.directadmin.com/item.php?id=404
0
 
LVL 36

Accepted Solution

by:
Kimputer earned 2000 total points
ID: 40627915
Okay, I see now. You can indeed go ahead to test this, but still depends on a lot of factors. Just implement as the documents say, and start testing with an external PC (simulate brute force, type in really fast, or press refresh in browser).
0
 

Author Closing Comment

by:peps03
ID: 40635107
Thanks! It worked out!
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes how to create custom column layout styles for Bootstrap. The article uses 5 columns to illustrate the concept, but the principle can be extended to any number of columns.
This article discusses four methods for overlaying images in a container on a web page
In this Micro Tutorial viewers will learn how to create navigation buttons that change on rollover, using CSS (Continuation of the CSS Image Sprite tutorial) Create a parent ID for all the list items       - Specify position: absolute and display: blockā€¦
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question