[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to push back against repeated login attempts?

Of course, dictionary or random attacks will be drastically hampered
if you limit how often they can fail.  3 failures or so causes a
lockout for some hours is the usual.  Failed attempts can constitute a
denial of service attack under some circumstances though due to
network chatter.

On 3/2/21, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> On Tue, Mar 2, 2021 at 9:51 AM <oregano@disroot.org> wrote:
>> Considering running a freedom box or similar, I have a RPi running Buster
>> outside my home router's DMZ. It was discovered within a short time
>> (minutes or hours) of first being setup.
> ahh yes.  welcome to the discovery that there are people running
> extremely sophisticated long-running break-in attempts, world-wide.
>> It now has fail2ban running with defaults. Over about the last month,
>> fail2ban logs show about 35,000 "unbans" from about 3700 unique IPs.
> if you want to do something "gradual", use fail2ban recidive.
> i decided 3 years ago that enough was enough, and simply set all and
> any failed password attempts at an instant 2 week ban.  by running
> OpenVPN i can at least get in if i happen to make a mistake.
> l.

Education is contagious.

Reply to: