Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Set login attempt limit for basic authentication

Posted on 2015-02-23
12
Medium Priority
?
205 Views
Last Modified: 2015-02-27
Hi,

Is it somehow possible to set a login attempt limit for basic authentication?
Now bots can keep on trying to login for ever. Would be nice if csf would block the ip after 10 attempts or something.
VPS with directadmin, csf installed.

Thanks!
0
Comment
Question by:peps03
  • 6
  • 6
12 Comments
 
LVL 37

Expert Comment

by:Kimputer
ID: 40625387
Follow this guide:
Fail2ban install on CFS / Cpanel:
http://www.digitalfaq.com/guides/webhosting/install-fail2ban-cpanel-pt1.htm

You need this solution because Apache doesn't do rate limiting or any other anti-hammering protection.

If you move your authentication to a php based solution, you could use antihammer by corz.org (which I find more graceful, and no need to configure if installed as a plugin in Wordpress etc): http://corz.org/server/tools/anti-hammer/download.php
0
 

Author Comment

by:peps03
ID: 40625463
Hi!
Thanks for your reply!

Does fail2ban also work well with DirectAdmin?
Can / should i use fail2ban and CSF together? Or choose between them?

Is it possible to install anti-hammer server wide?
I can't find any installation instructions.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40625555
fail2ban is configured through ssh. It works with CSF together, provided you do the thinking and don't let it overlap (don't let fail2ban scan for apache logs, and let CSF do the same, include in one, exclude in the other).
Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:peps03
ID: 40625637
Thanks!

Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page

I meant for anti-hammer, the second thing you sent:
Is it possible to install anti-hammer server wide?
I can't find any installation instructions.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40625686
Fail2ban does the anti-hammering handling. You should read more carefully, more info here:
http://www.fail2ban.org/wiki/index.php/Downloads

If you meant anti-hammer by corz.org, that's a PHP solution (which I already said before).
0
 

Author Comment

by:peps03
ID: 40627718
Yes, i meant the php solution by corz.org. But as it is a php solution i assume it is site specific and not server wide.

What do you think of this script to auto block ips?
http://code.howto24.net/2012/09/25/how-to-block-brute-force-attack-automatically-in-directadmin/

Will it work / is it safe to try it?
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40627724
The PHP solution from corz.org is not server wide. It is implemented per site you have (put it on all php login pages).

The link you gave about brute force in directadmin is also not server wide, only watching for directadmin logins. But that doesn't mean it's not handy.
0
 

Author Comment

by:peps03
ID: 40627744
Doesn't it look server wide for hammering in all the DirectAdmin logs, via Brute Force monitor?

Could you explain this to me:


Create script  /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:

#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

What does this do?


Make chmod the brute_force_notice_ip.sh to 700.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 40627826
It's documented that the bruteforce monitor only detects logins on port 2222

The script just passes on the IP numbers to the real blocking script.
0
 

Author Comment

by:peps03
ID: 40627903
Yes, that was so in the past. See point 2: http://help.directadmin.com/item.php?id=404
0
 
LVL 37

Accepted Solution

by:
Kimputer earned 2000 total points
ID: 40627915
Okay, I see now. You can indeed go ahead to test this, but still depends on a lot of factors. Just implement as the documents say, and start testing with an external PC (simulate brute force, type in really fast, or press refresh in browser).
0
 

Author Closing Comment

by:peps03
ID: 40635107
Thanks! It worked out!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
Q&A with Course Creator, Mark Lassoff, on the importance of HTML5 in the career of a modern-day developer.
In this tutorial viewers will learn how to position overlapping items using z-index in CSS. They will also learn the restrictions on the z-index property.  Create a new HTML document with an internal stylesheet.: Create a div in CSS and name it Red.…
In this tutorial viewers will learn how to code links for mobile sites that, once clicked, send a call or text to a specified number. For a telephone link (once clicked, calls a number), begin with a normal "<a href=" link tag. For the href, specify…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question