I've configured BFD to automatically email me and drop connections using iptables when someone attempts 15 failed logins.
This is working fine but it does not block after 15 logins - it can be anything up to 70+ failed logins before it kicks in:
SOURCE ADDRESS: ***.***.***.179
TARGET SERVICE: sshd
FAILED LOGINS: 70
EXECUTED COMMAND: /sbin/iptables -A INPUT -s ***.***.***.179 -j DROP
Is there any reason why it takes so long and can I speed it up?
BFD runs on a cron job every 8-10 minutes, so once they reach the 15 login limit this will trigger BFD to block that IP on the next cron run, which may be in 7 minutes' time, which would then give them time to log in 70+ times.
Change the Cron to run every minute - location: /etc/cron.d/bfd
C program run. C program crash. C programmer quit.
1. Even at 1 minute interval checks, an automated attacker can get in a score or more attempts before a block.
2. There's going to be a trade-off between frequency of running BFD (resource utilization), and #1.
Typically the default works best; but as shared above, feel free to modify.
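The delay described in the replies above can be reproduced offline. The following is an added example, not part of the thread and not BFD's own code: it models a checker that runs at a fixed interval and blocks a source once its cumulative sshd failures reach the threshold. The log layout, host name, IP addresses and attempt rate are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# sshd "Failed password" lines in the usual syslog layout (assumed format).
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+")

def parse_failures(lines, year=2009):
    """Map each source IP to the sorted timestamps of its failed logins."""
    failures = {}
    for line in lines:
        m = FAILED.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            failures.setdefault(m.group(2), []).append(when)
    return {ip: sorted(ts) for ip, ts in failures.items()}

def failures_at_block(times, threshold, interval, first_run):
    """Failures already logged when a periodic check first sees >= threshold.

    Returns None when the source never reaches the threshold."""
    if not times:
        return None
    run = first_run
    while True:
        seen = sum(1 for t in times if t <= run)
        if seen >= threshold:
            return seen
        if run >= times[-1]:      # every event has been checked
            return None
        run += interval

START = datetime(2009, 7, 5, 10, 0, 0)   # constructed: time of the first check

def sample_log():
    """Constructed log: one source failing every 7 s, one user with two typos."""
    lines = [f"{START + timedelta(seconds=5 + 7 * k):%b %d %H:%M:%S} host sshd[4242]: "
             f"Failed password for root from 203.0.113.179 port {40000 + k} ssh2"
             for k in range(100)]
    lines += [f"Jul  5 10:0{m}:30 host sshd[4300]: Failed password for invalid "
              f"user bob from 198.51.100.7 port 51000 ssh2" for m in (1, 2)]
    return lines

def report(interval_minutes, threshold=15):
    """Per-IP failure count at block time for a given check interval."""
    step = timedelta(minutes=interval_minutes)
    return {ip: failures_at_block(ts, threshold, step, START)
            for ip, ts in parse_failures(sample_log()).items()}

if __name__ == "__main__":
    for minutes in (8, 1):
        print(f"check every {minutes} min:", report(minutes))
```

With the constructed 7-second attempt rate, an 8-minute interval lets 68 failures through before the block, while a 1-minute interval still lets 17 through, which matches the point that a shorter interval narrows the gap without closing it.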
To block an IP, you should use Insert, not Append:
EXECUTED COMMAND: /sbin/iptables -I INPUT -s ***.***.***.179 -j
CSF blocks immediately, perhaps consider switching; you won't be sorry.