  1. #1
    Join Date: Feb 2002 | Location: Indiana | Posts: 420

    3 strikes and you're out?

    I currently have two folders protected with .htaccess and right now I can input a user name and password incorrectly until I turn blue and it won't stop me.

    Is there a way to only allow, say, three wrong entries and then place a 10-15 minute IP ban? Or at least take them to a different screen telling them they have entered an incorrect username and password? Something that would better protect against a brute force attack!?

  2. #2
    Join Date: Sep 2002 | Location: Top Secret | Posts: 11,686
    If you have root access, and this is a cPanel server, then check out csf. This is just what you're looking for here.

    If you DON'T have root access, then this will need to be handled differently.
    The best way to deal with this is to redirect all permission denied (bad auth) attempts to a PHP page, which gathers data based on their IP. Once that data is gathered, and the threshold is met, then you will need to ban the IP.

    Using PHP, this can be done with a "ban" wrapper in your headers. Before anything is sent, check a ban script; something like
    Code:
     select ipaddr from ban_table where ipaddr = ?   -- bind the client's IP address here
    will suffice. If the IP address appears there, then you can simply
    Code:
    die("yourcustomstatementhere");
    Of course, if you go THAT way, make sure to give yourself a way out.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details
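The scheme in the reply above (redirect failed auth to a PHP page, count per IP, ban at a threshold, check a ban table before anything is sent, keep a way out for yourself), worked through as an added example. This is not code from the thread and not part of csf, APF or cPanel. It assumes the pdo_sqlite extension is available and uses placeholder names, paths and addresses (bancheck.php, /home/site/bans.sqlite, the SAFE_IPS list) that you would change for your own box:

```php
<?php
// bancheck.php -- example written for this thread; not code from the posts above
// and not part of csf, APF or cPanel. Names, paths and addresses are placeholders.
//
// Assumed layout:
//   /home/site/public_html/bancheck.php        this file; NOT under a protected folder
//   /home/site/public_html/private/.htaccess   the usual AuthType/AuthUserFile/Require
//                                              lines plus:   ErrorDocument 401 /bancheck.php
// Apache only accepts a local URL as the 401 error document, and that URL must be
// reachable without credentials, or every failure just produces another 401.
//
// Two roles in one file:
//   1. As the ErrorDocument: count the failure for this client, ban at the threshold.
//   2. Included at the top of any PHP page (require '/home/site/public_html/bancheck.php';):
//      the "ban wrapper" that refuses banned clients before anything is sent.

const BAN_DB      = '/home/site/bans.sqlite';  // assumed path, outside the web root
const MAX_FAILS   = 3;    // 401s allowed per client ...
const FAIL_WINDOW = 900;  // ... within this many seconds (15 min)
const BAN_SECONDS = 900;  // how long the ban lasts
const SAFE_IPS    = ['127.0.0.1', '203.0.113.10'];  // your own addresses: the way out

function ban_db(): PDO {
    // Requires the pdo_sqlite extension (assumed available).
    $db = new PDO('sqlite:' . BAN_DB);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS fail_table (ipaddr TEXT NOT NULL, ts INTEGER NOT NULL)');
    $db->exec('CREATE TABLE IF NOT EXISTS ban_table (ipaddr TEXT PRIMARY KEY, until INTEGER NOT NULL)');
    return $db;
}

function client_ip(): string {
    // REMOTE_ADDR is the TCP peer. Do not key on X-Forwarded-For unless a proxy you
    // control sets it, or the attacker picks which address gets banned.
    return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}

function is_banned(PDO $db, string $ip, int $now): bool {
    if (in_array($ip, SAFE_IPS, true)) return false;      // never lock yourself out
    $db->prepare('DELETE FROM ban_table WHERE until < :now')->execute([':now' => $now]);
    $st = $db->prepare('SELECT ipaddr FROM ban_table WHERE ipaddr = :ip');
    $st->execute([':ip' => $ip]);
    return $st->fetchColumn() !== false;
}

// Records one failed attempt; returns true if this attempt tripped the ban.
function record_failure(PDO $db, string $ip, int $now): bool {
    if (in_array($ip, SAFE_IPS, true)) return false;
    $db->prepare('DELETE FROM fail_table WHERE ts < :cut')->execute([':cut' => $now - FAIL_WINDOW]);
    $db->prepare('INSERT INTO fail_table (ipaddr, ts) VALUES (:ip, :ts)')->execute([':ip' => $ip, ':ts' => $now]);
    $st = $db->prepare('SELECT COUNT(*) FROM fail_table WHERE ipaddr = :ip');
    $st->execute([':ip' => $ip]);
    if ((int) $st->fetchColumn() < MAX_FAILS) return false;
    $db->prepare('INSERT OR REPLACE INTO ban_table (ipaddr, until) VALUES (:ip, :until)')
       ->execute([':ip' => $ip, ':until' => $now + BAN_SECONDS]);
    return true;
}

$ip  = client_ip();
$now = time();
$db  = ban_db();

if (($_SERVER['REDIRECT_STATUS'] ?? '') === '401') {
    // Role 1: Apache sent us here because a protected folder refused this request.
    // A browser's very first request (before any credentials) is also a 401, so an
    // honest visitor spends one of MAX_FAILS on the login dialog itself.
    if (is_banned($db, $ip, $now) || record_failure($db, $ip, $now)) {
        die('Too many failed logins from your address; try again in 15 minutes.');
    }
    die('Incorrect username or password.');
}

// Role 2: ban wrapper for ordinary pages.
if (is_banned($db, $ip, $now)) {
    header('HTTP/1.1 403 Forbidden');
    die('Your address is temporarily blocked.');
}
```

Two caveats. Inside the error document the response status stays 401, so the browser keeps offering the login dialog; the message is what a visitor sees on cancelling it, and further attempts only extend the ban. And the wrapper only protects PHP pages: a banned address can still fetch static files and keep hammering Apache, so with root it is better to push the banned addresses into the firewall's deny list instead of stopping at the application layer.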

  3. #3
    Join Date: Feb 2002 | Location: Indiana | Posts: 420
    I do have root access as I'm on a dedicated machine; however, is CSF the only option for this?

  4. #4
    Join Date: Sep 2002 | Location: Top Secret | Posts: 11,686
    It's the easiest option, yes.
    If this isn't a cPanel server, don't even try it; it won't work.

  5. #5
    Join Date: Feb 2002 | Location: Indiana | Posts: 420
    It is a dedicated box with cPanel. Moving to a whole new firewall seems a bit drastic - does APF not offer something like this?

    Just curious.

  6. #6
    Join Date: May 2006 | Posts: 1,398
    There is a bruteban module for Apache: http://mion.elka.pw.edu.pl/~lantonia...d_bruteban.php

    On csf and other modules, I think they only parse /var/log/messages for invalid logins; not totally sure about the csf daemon that deals with it. But invalid .htaccess attempts don't show in there, so I don't see how it can ban them.

  7. #7
    Join Date: Sep 2002 | Location: Top Secret | Posts: 11,686
    Quote:
    On csf and other modules, I think they only parse /var/log/messages for invalid logins; not totally sure about the csf daemon that deals with it. But invalid .htaccess attempts don't show in there, so I don't see how it can ban them.
    If ya don't know, don't post.
    CSF/LFD do, in fact, ban invalid .htaccess attempts.

    If you're running APF, give CSF a try; you'll find it's a LOT more user friendly and a LOT more worthwhile than APF itself. CSF handles things on a much better level than APF could even begin to try to, including .htaccess login attempts, failed root login attempts, invalid email login attempts (for cPanel), brute force attacks (on a MUCH better scale than APF), etc. It's all around a much better tool.
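On the question raised in the two replies above of where failed .htaccess logins are recorded: mod_auth writes one line per rejected attempt to Apache's error_log, not to /var/log/messages, which is what any log-watching banner has to read. The script below is an added example, not csf/lfd code and not from the thread. It parses both the Apache 2.2 and 2.4 error_log line formats over constructed sample lines (marked as such in the code), applies the three-failures-in-fifteen-minutes rule from the original question and prints one firewall command per offending address. Paths, the sample addresses and the iptables command are placeholders; substitute your own firewall's temporary-block command:

```php
<?php
// scan_authfail.php -- example written for this thread; not csf/lfd code and not
// from the posts above. Shows where .htaccess failures actually get logged and
// what a log-based banner has to look for.
// Run:  php scan_authfail.php /path/to/error_log
// (with no argument it scans the constructed SAMPLE_LOG lines at the bottom).

const THRESHOLD = 3;    // failures ...
const WINDOW    = 900;  // ... inside 15 minutes
const BAN_TTL   = 900;  // seconds the resulting block should live

// mod_auth_basic writes one error_log line per rejected attempt. Apache 2.4:
//   [Tue Jan 09 14:02:11.123456 2018] [auth_basic:error] [pid 1234] [client 192.0.2.5:51234] AH01617: user bob: authentication failure for "/private/": Password Mismatch
//   [...] AH01618: user nobody not found: /private/
// Apache 2.2 has no module tag, pid, client port or AH code but uses the same wording.
// IPv4 only: 2.4 logs "ip:port", and an IPv6 address followed by a port is ambiguous.
const LINE_RE = '~^\[(?<ts>[^\]]+)\] .*?\[client (?<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] (?:AH0161[78]: )?user (?<user>\S+?)(?:: authentication failure for| not found:)~';

// Apache's ctime-style timestamp ("Tue Jan 09 14:02:11 2018", 2.4 adds microseconds).
function apache_ts(string $s): ?int {
    $dt = DateTime::createFromFormat('D M d H:i:s Y', preg_replace('/\.\d+/', '', $s));
    return $dt === false ? null : $dt->getTimestamp();
}

// Returns ['ts' => unix time, 'ip' => ..., 'user' => ...] for a failure line, else null.
function parse_failure(string $line): ?array {
    if (!preg_match(LINE_RE, $line, $m)) return null;
    if (filter_var($m['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) return null;
    $ts = apache_ts($m['ts']);
    if ($ts === null) return null;
    return ['ts' => $ts, 'ip' => $m['ip'], 'user' => $m['user']];
}

// Map of ip => failure count for clients at or over THRESHOLD within WINDOW of $now.
function find_offenders(array $lines, int $now): array {
    $fails = [];
    foreach ($lines as $line) {
        $f = parse_failure($line);
        if ($f === null || $f['ts'] < $now - WINDOW) continue;   // not a failure / too old
        $fails[$f['ip']] = ($fails[$f['ip']] ?? 0) + 1;
    }
    return array_filter($fails, function ($n) { return $n >= THRESHOLD; });
}

// One firewall command per offender. Plain iptables has no expiry, so whatever runs
// this must also remove the rule after BAN_TTL (or use your firewall's temp-block command).
function ban_commands(array $offenders): array {
    $cmds = [];
    foreach ($offenders as $ip => $n) {
        $cmds[] = sprintf('iptables -I INPUT -s %s -j DROP  # %d auth failures, remove after %ds', $ip, $n, BAN_TTL);
    }
    return $cmds;
}

// Constructed sample (not real log data): 192.0.2.5 fails four times inside the
// window, once in the 2.2 format; 198.51.100.7 fails twice; one stale line and one
// unrelated line are ignored.
const SAMPLE_NOW = 'Tue Jan 09 14:10:00 2018';
const SAMPLE_LOG = [
    '[Tue Jan 09 13:30:01.000000 2018] [auth_basic:error] [pid 1201] [client 192.0.2.5:50001] AH01617: user bob: authentication failure for "/private/": Password Mismatch',
    '[Tue Jan 09 14:01:10.123456 2018] [auth_basic:error] [pid 1234] [client 192.0.2.5:51234] AH01617: user bob: authentication failure for "/private/": Password Mismatch',
    '[Tue Jan 09 14:01:12.223456 2018] [auth_basic:error] [pid 1234] [client 192.0.2.5:51235] AH01618: user admin not found: /private/',
    '[Tue Jan 09 14:01:15 2018] [error] [client 192.0.2.5] user root: authentication failure for "/private/": Password Mismatch',
    '[Tue Jan 09 14:02:30.000001 2018] [auth_basic:error] [pid 1236] [client 192.0.2.5:51240] AH01617: user bob: authentication failure for "/private/": Password Mismatch',
    '[Tue Jan 09 14:05:00.000000 2018] [auth_basic:error] [pid 1240] [client 198.51.100.7:40000] AH01617: user alice: authentication failure for "/private/": Password Mismatch',
    '[Tue Jan 09 14:05:03.000000 2018] [auth_basic:error] [pid 1240] [client 198.51.100.7:40001] AH01618: user alice2 not found: /private/',
    '[Tue Jan 09 14:06:00.000000 2018] [core:notice] [pid 1] AH00094: Command line: /usr/local/apache/bin/httpd',
];

if (PHP_SAPI === 'cli') {
    $file  = $argv[1] ?? null;
    $lines = $file ? file($file, FILE_IGNORE_NEW_LINES) : SAMPLE_LOG;
    $now   = $file ? time() : apache_ts(SAMPLE_NOW);
    foreach (ban_commands(find_offenders($lines, $now)) as $cmd) echo $cmd, "\n";
}
```

Run against the sample it prints a single DROP rule for 192.0.2.5 (four failures in the window) and nothing for 198.51.100.7. Note that the user field is the name that was tried, which is worth keeping in whatever you log: a burst of different names from one address is a dictionary attack, while the same name over and over is usually a legitimate user with a stale saved password.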

  8. #8
    Join Date: Feb 2002 | Location: Indiana | Posts: 420
    linux-tech,

    How long have you been using CSF and on how many servers?

    I've had this dedicated box for about 2-3 years now and have never had a problem with APF. I kinda hate switching to CSF; just the old saying: "If it ain't broke, don't fix it." That, and I worry about trusting something that hasn't been around very long, or at least that I've never heard of.

  9. #9
    Join Date: Sep 2005 | Location: In canada | Posts: 3,213
    Quote Originally Posted by linux-tech
    It's the easiest option, yes.
    If this isn't a cPanel server, don't even try it; it won't work.
    Yes, CSF is great; it locked me out of my own box because I forgot to enter the right username and kept typing the password.

    And yes, it bans IPs, if you are wondering what it does. APF is not as good a solution as CSF (although CSF uses a bit more processing power because it checks, like, every 5 seconds).

    Woodie, if you like APF, stick with it, but CSF is real nice, simple and easy to configure, and works great; it does the work of BFD+APF combined and much more.

  10. #10
    Join Date: Sep 2002 | Location: Top Secret | Posts: 11,686
    Quote:
    How long have you been using CSF and on how many servers?
    I've been using it since it's been out (just over 6 months) and put it on all client servers. I won't discuss how many, but there are over 20 servers I admin with it on them.

    Quote:
    I worry about trusting something that hasn't been around very long, or at least I've never heard of it.
    Just because you haven't heard of it doesn't mean it's not been around that long. It's been out for quite a few months, and produces one of the most active threads on the cPanel forums.

    CSF/BFD handles a great deal more than APF could even imagine. It's not about "if it ain't broke, don't fix it"; it's about keeping up to date with security, knowing what's going on with your server, etc.

    For your current needs (banning by login failures in websites), CSF is the easiest solution to use. Otherwise, you can develop custom solutions, or load apache down with another module compiled into it.

  11. #11
    Join Date: Feb 2002 | Location: Indiana | Posts: 420
    What kinds of system specs are you running, Linux-Tech? Doing a quick search, even on cPanel's forum, a common complaint is the amount of resources it uses.

    -Michael
