HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   Is ISPConf Admin panel brute force attack safe? (http://www.howtoforge.com/forums/showthread.php?t=53385)

Bashewa 13th July 2011 03:45

Is ISPConf Admin panel brute force attack safe?
 
Hi Guys

Just want to know is my ISPConfig panel on port 8080 protected from brute force attacks trying to guess username and password?

I dont see any jails for it in fail2ban is it possible to set one up?

:confused:

Thanks

Alex

falko 13th July 2011 11:58

Quote:

Originally Posted by Bashewa (Post 259678)
I dont see any jails for it in fail2ban is it possible to set one up?

I don't think so because failed login attempts aren't logged anywhere, so fail2ban cannot know about them.

Better use a strong password. ;)

erosbk 14th July 2011 02:34

Ok, is it possible to add log for failed loggins? I already detected attacks to ispconfig in my logs...

pititis 14th July 2011 18:50

Hi,

you can check the attempts_login table in the database.

Cheers

till 16th July 2011 10:31

ISPConfig has its own mecahnism to block brute force attcks builtin (similar to what fail2ban is doing). So there is no need to use fail2ban for ispconfig logins.

Bashewa 16th July 2011 13:02

Is there anyway of adjusting the inbuilt brute force protection?

I.E. number of attempts and length of ban time?

till 16th July 2011 14:49

Not without modifying the code of the login.php script.


All times are GMT +2. The time now is 13:05.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.