Solved

Set login attempt limit for basic authentication

Posted on 2015-02-23
12
171 Views
Last Modified: 2015-02-27
Hi,

Is it somehow possible to set a login attempt limit for basic authentication?
Now bots can keep on trying to login for ever. Would be nice if csf would block the ip after 10 attempts or something.
VPS with directadmin, csf installed.

Thanks!
0
Comment
Question by:peps03
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 40625387
Follow this guide:
Fail2ban install on CFS / Cpanel:
http://www.digitalfaq.com/guides/webhosting/install-fail2ban-cpanel-pt1.htm

You need this solution because Apache doesn't do rate limiting or any other anti-hammering protection.

If you move your authentication to a php based solution, you could use antihammer by corz.org (which I find more graceful, and no need to configure if installed as a plugin in Wordpress etc): http://corz.org/server/tools/anti-hammer/download.php
0
 

Author Comment

by:peps03
ID: 40625463
Hi!
Thanks for your reply!

Does fail2ban also work well with DirectAdmin?
Can / should i use fail2ban and CSF together? Or choose between them?

Is it possible to install anti-hammer server wide?
I can't find any installation instructions.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40625555
fail2ban is configured through ssh. It works with CSF together, provided you do the thinking and don't let it overlap (don't let fail2ban scan for apache logs, and let CSF do the same, include in one, exclude in the other).
Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:peps03
ID: 40625637
Thanks!

Server wide is a bit abstract. fail2ban works with most services that have readable log files.

Installation instructions were in the link I sent:
Also more general info here:
http://www.fail2ban.org/wiki/index.php/Main_Page

I meant for anti-hammer, the second thing you sent:
Is it possible to install anti-hammer server wide?
I can't find any installation instructions.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40625686
Fail2ban does the anti-hammering handling. You should read more carefully, more info here:
http://www.fail2ban.org/wiki/index.php/Downloads

If you meant anti-hammer by corz.org, that's a PHP solution (which I already said before).
0
 

Author Comment

by:peps03
ID: 40627718
Yes, i meant the php solution by corz.org. But as it is a php solution i assume it is site specific and not server wide.

What do you think of this script to auto block ips?
http://code.howto24.net/2012/09/25/how-to-block-brute-force-attack-automatically-in-directadmin/

Will it work / is it safe to try it?
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40627724
The PHP solution from corz.org is not server wide. It is implemented per site you have (put it on all php login pages).

The link you gave about brute force in directadmin is also not server wide, only watching for directadmin logins. But that doesn't mean it's not handy.
0
 

Author Comment

by:peps03
ID: 40627744
Doesn't it look server wide for hammering in all the DirectAdmin logs, via Brute Force monitor?

Could you explain this to me:


Create script  /usr/local/directadmin/scripts/custom/brute_force_notice_ip.sh:

#!/bin/sh
SCRIPT=/usr/local/directadmin/scripts/custom/block_ip.sh
ip=$value $SCRIPT
exit $?;

What does this do?


Make chmod the brute_force_notice_ip.sh to 700.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 40627826
It's documented that the bruteforce monitor only detects logins on port 2222

The script just passes on the IP numbers to the real blocking script.
0
 

Author Comment

by:peps03
ID: 40627903
Yes, that was so in the past. See point 2: http://help.directadmin.com/item.php?id=404
0
 
LVL 35

Accepted Solution

by:
Kimputer earned 500 total points
ID: 40627915
Okay, I see now. You can indeed go ahead to test this, but still depends on a lot of factors. Just implement as the documents say, and start testing with an external PC (simulate brute force, type in really fast, or press refresh in browser).
0
 

Author Closing Comment

by:peps03
ID: 40635107
Thanks! It worked out!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
In this tutorial viewers will learn how to style elements, such a divs, with a "drop shadow" effect using the CSS box-shadow property Start with a normal styled element, such as a div.: In the element's style, type the box shadow property: "box-shad…
In this tutorial viewers will learn how to style a corner ribbon overlay for an image using CSS Create a new class by typing ".Ribbon":  Define the class' "display:" as "inline-block": Define its "position:" as "relative": Define its "overflow:" as …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question