How to handle large numbers bruteforcers
My login page is being bruteforced by a large number of IPs. What do you think is the best way to prevent this from happening?
Hello,
There are several ways. You could install and configure something like Fail2Ban which should do the trick. Until you've installed and configured some protection you could use this script I've found on the internet (don't remember where) which rejects connections from the same IP if the number of connections is greater than 10 (easy to adjust). I've changed that script to do a similar thing with SSH connections and recently put it in place on some production server that got attacked.
Code:
#! /bin/bash
Kind regards,
Eric
Hi,
Thanks for the bash script. I only have one question: what does "--reject-with tcp-reset" do? Isn't "-j REJECT" enough?
Hello,
You're welcome. From the man page of iptables: Quote:
http://www.lowth.com/cutter/#mozTocId654024
Kind regards,
Eric
The script IMHO is a kludge. Not only because of the use of UNIX commands ('lsof -ni4tcp:80|awk '/\(L/ {print $8}';' being short for using lsof, grep, grep and awk) but because it is forced to reap the connection table per IP, and when you're dealing with large amounts of connections that can't be good no matter /proc being a VFS. Rejecting connections from the same IP if the number of connections is greater than 10 can be accomplished with a single rule:
Code:
iptables -A INPUT -i eth0 -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 -j DROP
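As an added example (not a script from anyone in this thread), the following builds the connlimit rules discussed above for both the HTTP and the SSH case, using REJECT with a TCP reset for port 80 and DROP for port 22. It prints the rules by default and only executes them with `--apply` as root; the interface name, ports and limits are assumed values you would adjust.

```bash
#!/bin/bash
# Added example: generate per-IP concurrent-connection limits with the
# iptables connlimit match. Dry run by default; "--apply" runs them as root.
set -eu

# Emit one connlimit rule. Note that connlimit counts *concurrent* TCP
# connections from one source address: it caps parallel connections, it does
# not count failed logins (that is what Fail2Ban is for).
# Arguments: interface, port, max concurrent connections, target (with options)
connlimit_rule() {
    local iface="$1" port="$2" limit="$3" target="$4"
    case "$limit" in
        ''|*[!0-9]*) echo "limit must be a positive integer: $limit" >&2; return 1 ;;
    esac
    printf 'iptables -A INPUT -i %s -p tcp --syn --dport %s -m connlimit --connlimit-above %s -j %s\n' \
        "$iface" "$port" "$limit" "$target"
}

# Rule set (assumed values): HTTP is rejected with a TCP RST so legitimate
# clients fail fast instead of waiting for a timeout; SSH is silently dropped.
build_rules() {
    local iface="${1:-eth0}"
    connlimit_rule "$iface" 80 10 "REJECT --reject-with tcp-reset"
    connlimit_rule "$iface" 22 3 DROP
}

main() {
    if [ "${1:-}" = "--apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "run as root to apply rules" >&2; exit 1; }
        build_rules "${2:-eth0}" | sh -e   # execute each generated rule
    else
        build_rules "${1:-eth0}"           # dry run: just show the rules
    fi
}

main "$@"
```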