[CentOS] [WTA] Automatically blocking on failed login
m.roth at 5-cent.us
m.roth at 5-cent.us
Mon May 24 17:48:40 UTC 2010
> David Suhendrik wrote:
>> Hello All,
>> I had problems with the security server, the server is frequently
>> attacked using bruteforce attacks. Is there an application that can
>> perform automatic blocking when there are failed login to the ports
>> smtp, pop3 port, and others?
>>
>> I am currently using CentOS 5.5 in some servers
>> Thanks in advanced.......
>
> You can also do some amount of work with the pam mod_access and
> mod_tally modules.
>
I looked at that latter, and the one thing is that if blocks an account
after enough failures, even if they show the right credentials... but it
lets them keep trying, where fail2ban puts in a temporary firewall rule
(configurable, but by default it drops it after, um, I think 2 days), and
the rule is DROP, so they can't even try. And it doesn't fill your
logfiles.....
mark
More information about the CentOS
mailing list