Is ISPConf Admin panel brute force attack safe?

Discussion in 'General' started by Bashewa, Jul 13, 2011.

  1. Bashewa

    Bashewa New Member

    Hi Guys

    Just want to know is my ISPConfig panel on port 8080 protected from brute force attacks trying to guess username and password?

    I dont see any jails for it in fail2ban is it possible to set one up?

    :confused:

    Thanks

    Alex
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I don't think so because failed login attempts aren't logged anywhere, so fail2ban cannot know about them.

    Better use a strong password. ;)
     
  3. erosbk

    erosbk New Member

    Ok, is it possible to add log for failed loggins? I already detected attacks to ispconfig in my logs...
     
  4. pititis

    pititis Member

    Hi,

    you can check the attempts_login table in the database.

    Cheers
     
  5. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    ISPConfig has its own mecahnism to block brute force attcks builtin (similar to what fail2ban is doing). So there is no need to use fail2ban for ispconfig logins.
     
  6. Bashewa

    Bashewa New Member

    Is there anyway of adjusting the inbuilt brute force protection?

    I.E. number of attempts and length of ban time?
     
  7. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Not without modifying the code of the login.php script.
     

Share This Page