Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-18-2005, 08:36 AM   #1
Registered: Apr 2004
Location: Belgium Antwerpen
Distribution: slackware - knoppix
Posts: 141

Rep: Reputation: 18
login attempts to web-page. (time limits)


I'm wondering if it's possible to force some time-out between logon attempts to web pages hosted on an apache2 server.

I have the server running on my machine and just to test my security, a friend tried with brutus to force-guess the password. There I can see that there are lots of authentication requests every second.

I would like to know if it's possible to force some timeout between those attempts like say 1 or 2 seconds, then even those forcers have to try much much longer to crack the pwd. Like 1 attempt / second instead of 130.
Also, this 1 second time-out doesn't bother real logins when missing accidentally.

thanks for help.
If it is mentioned in the manual for apache, then I missed it, please point me to the right chapter then. thanks.

Old 01-20-2005, 01:23 PM   #2
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,575

Rep: Reputation: 181Reputation: 181
Do you mean Apache alone or something like Apache+PHP?
Old 01-20-2005, 01:42 PM   #3
Registered: Apr 2004
Location: Belgium Antwerpen
Distribution: slackware - knoppix
Posts: 141

Original Poster
Rep: Reputation: 18
In fact, I do have php and sql support installed.
What I mean is the following: in apache conf, I have these directives for directories like:


<Directory /usr/local/apache2/htdocs/php>
AuthType Basic
AuthName "Restricted php test area"
AuthUserFile /usr/local/apache2/pwd_auth/passwords
AuthGroupFile /usr/local/apache2/pwd_auth/groups
require user lieven robin

<Directory /usr/local/apache2/htdocs/moviedb>
AuthType Basic
AuthName "Restricted movie database"
AuthUserFile /usr/local/apache2/pwd_auth/passwords
AuthGroupFile /usr/local/apache2/pwd_auth/groups
require group dbusers


and thus I get this popup in my browser requesting a userid and password.
It seems that this brutus-thing can attempt to logon to my pages hundreds of times per second, guessing my passwd. (I myself have no experience with these kind of programs)
I would like to add an interval for the logon attempts. But maybe this has nothing to do with linux itself and I should look it up at the apache site.
(but if someone can tell me... )



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ftp web page login paul_mat Linux - Software 9 11-16-2005 03:13 AM
Web page load time in Linux browsers is slow compared to ... the_rhino Linux - General 1 02-11-2005 09:23 PM
user account time limits DAChristen29 Linux - Networking 2 12-24-2004 07:00 PM
Auto login and run firefox at a specific web page eraser Linux - Newbie 4 11-21-2004 06:34 PM
Traffic and time limits for internet users. pamsi Red Hat 0 12-15-2003 11:05 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:05 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration