Hey,
fail2ban.sourceforge.net for details. I'm looking for
something that basically tells people trying to ssh
brute-force my ipcop box (or anything exposed to the
web from behind it) to take a flying leap. I use
fail2ban on my own webserver, and love it.
Thanks!
Logged In: YES
user_id=317036
Sounds like a solution looking for a problem. By default
IPCop's sshd is not exposed on red... if you do enable
external access best practice would be to restrict it to
certain IPs and not leave it open for all. Even if you had
enabled external access with no restrictions, IPCop's sshd
runs on port 222 whereas all the brute force scripts look
for ssh on port 22. Have you ever seen a single attempt to
brute force ssh on IPCop?
The 'anything exposed to the web from behind it' idea might
be worthwhile, but I'm not sure how it would be implemented.
In order to block brute forces you need to know whether a
log in is successful or failed, which only the server in
question can know. How would IPCop tell the difference
between brute force attempts and legitimate connections?
Logged In: YES
user_id=1319917
I released fail2ban as an addon.
Download and Info here:
http://mh-lantech.css-hamburg.de/ipcop/download.php?view.133
Logged In: YES
user_id=1319917
The reason I released fail2ban is that it is exactly what I
need for a guy with an internet cafe.
He uses ipcop as firewall and has the problem that some
people discovered the web interface and tried to log in.
So he just whitelists his admin machine and is very lucky
with this solution.
fail2ban blocks an IP after you have entered the wrong
password three times (could be changed to whatever you want)
and I could not remember to have ever done this more than
twice (after second wrong try I normally look into my notices).
Logged In: YES
user_id=237853
Interesting, and thanks. Should help with some of the bad
actors out there.
Logged In: YES
user_id=722476
It's better to require a wait time of approx. 20 seconds
after each login attempt. This would mean one password try
for each 20 seconds.
OR specify a rate a normal human NEVER would be able to
reach. For example 70 passwords / minute. And then ban
the "offending" IP for 4 weeks. (4 weeks because many ISPs
change the IP of dynamic customers after the end of the month)
rkerr> Sounds like a solution looking for a problem
Exactly. Won't implement.
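Added example, not part of the thread and not fail2ban's or the addon's own code: the ban logic discussed in the comments above, written in Python. It counts failed logins per source IP from the server's own log, bans at three failures inside a time window for 4 weeks, and skips a whitelisted admin network. The log lines, the 10-minute window, the whitelist range and all names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log in OpenSSH "Failed password" style (not from the thread).
SAMPLE_LOG = """\
2024-05-01T10:00:00 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:20 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2024-05-01T10:00:40 sshd[813]: Failed password for root from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:50 sshd[814]: Failed password for root from 203.0.113.7 port 40115 ssh2
2024-05-01T10:01:00 sshd[815]: Failed password for root from 198.51.100.9 port 51000 ssh2
2024-05-01T10:02:00 sshd[816]: Failed password for root from 198.51.100.9 port 51001 ssh2
2024-05-01T10:03:00 sshd[817]: Accepted password for admin from 192.0.2.10 port 60000 ssh2
2024-05-01T10:04:00 sshd[818]: Failed password for admin from 192.0.2.10 port 60001 ssh2
2024-05-01T10:04:10 sshd[819]: Failed password for admin from 192.0.2.10 port 60002 ssh2
2024-05-01T10:04:20 sshd[820]: Failed password for admin from 192.0.2.10 port 60003 ssh2
2024-05-01T10:40:00 sshd[821]: Failed password for root from 198.51.100.9 port 51002 ssh2
"""

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from ([0-9A-Fa-f:.]+) port")

def find_bans(log_text, max_retry=3, find_time=timedelta(minutes=10),
              ban_time=timedelta(weeks=4), whitelist=("192.0.2.0/24",)):
    """Return {ip: ban_expiry} for IPs reaching max_retry failures within find_time."""
    allowed = [ip_network(n) for n in whitelist]   # assumed admin network
    recent = defaultdict(deque)                    # ip -> failure timestamps in window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                               # successes and other lines are ignored
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if any(ip_address(ip) in net for net in allowed):
            continue                               # whitelisted hosts are never banned
        if ip in bans and when < bans[ip]:
            continue                               # ban still active, nothing to count
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:        # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            bans[ip] = when + ban_time
            window.clear()
    return bans
```

On the sample, only 203.0.113.7 is banned: 198.51.100.9 never has three failures inside one window, and 192.0.2.10 is covered by the whitelist.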