Solved

Set login attempt limit for basic authentication

Posted on 2015-02-23
12
149 Views
Last Modified: 2015-02-27
Hi,

Is it somehow possible to set a login attempt limit for basic authentication?
Now bots can keep on trying to login for ever. Would be nice if csf would block the ip after 10 attempts or something.
VPS with directadmin, csf installed.

Thanks!
0
Comment
Question by:peps03
  • 6
  • 6
12 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 40625387
Follow this guide:
Fail2ban install on CFS / Cpanel:
http://www.digitalfaq.com/guides/webhosting/install-fail2ban-cpanel-pt1.htm

You need this solution because Apache doesn't do rate limiting or any other anti-hammering protection.

If you move your authentication to a php based solution, you could use antihammer by corz.org (which I find more graceful, and no need to configure if installed as a plugin in Wordpress etc): http://corz.org/server/tools/anti-hammer/download.php
0
 

Author Comment

by:peps03
ID: 40625463
Hi!
Thanks for your reply!

Does fail2ban also work well with DirectAdmin?
Can / should i use fail2ban and CSF together? Or choose between them?

Is it possible to install anti-hammer server wide?
I can't find any installation instructions.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40625555
fail2ban is configured through ssh. It works with CSF together, provided you do the thinking and don't let it overlap (don't let fail2ban scan for apache logs, and let CSF do the same, include in one, exclude in the other).
Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:peps03
ID: 40625637
Thanks!

Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page

I meant for anti-hammer, the second thing you sent:
Is it possible to install anti-hammer server wide?
I can't find any installation instructions.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40625686
Fail2ban does the anti-hammering handling. You should read more carefully, more info here:
http://www.fail2ban.org/wiki/index.php/Downloads

If you meant anti-hammer by corz.org, that's a PHP solution (which I already said before).
0
 

Author Comment

by:peps03
ID: 40627718
Yes, i meant the php solution by corz.org. But as it is a php solution i assume it is site specific and not server wide.

What do you think of this script to auto block ips?
http://code.howto24.net/2012/09/25/how-to-block-brute-force-attack-automatically-in-directadmin/

Will it work / is it safe to try it?
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40627724
The PHP solution from corz.org is not server wide. It is implemented per site you have (put it on all php login pages).

The link you gave about brute force in directadmin is also not server wide, only watching for directadmin logins. But that doesn't mean it's not handy.
0
 

Author Comment

by:peps03
ID: 40627744
Doesn't it look server wide for hammering in all the DirectAdmin logs, via Brute Force monitor?

Could you explain this to me:


Create script  /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:

#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

What does this do?


Make chmod the brute_force_notice_ip.sh to 700.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40627826
It's documented that the bruteforce monitor only detects logins on port 2222

The script just passes on the IP numbers to the real blocking script.
0
 

Author Comment

by:peps03
ID: 40627903
Yes, that was so in the past. See point 2: http://help.directadmin.com/item.php?id=404
0
 
LVL 35

Accepted Solution

by:
Kimputer earned 500 total points
ID: 40627915
Okay, I see now. You can indeed go ahead to test this, but still depends on a lot of factors. Just implement as the documents say, and start testing with an external PC (simulate brute force, type in really fast, or press refresh in browser).
0
 

Author Closing Comment

by:peps03
ID: 40635107
Thanks! It worked out!
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this tutorial viewers will learn how to style a corner ribbon overlay for an image using CSS Create a new class by typing ".Ribbon":  Define the class' "display:" as "inline-block": Define its "position:" as "relative": Define its "overflow:" as …
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question