Limit retries for username/password authentication


Post by Karsten Strun » Sun, 06 May 2001 21:17:04



Hi everyone here!

I have a members area installed on my homepage, so that every user has
to type in his username and password. This still works well. I use

AuthName "Members area"
AuthType Basic
AuthUserFile /etc/httpd/passwd

require valid-user

But yesterday somebody tried thousands of passwords for a special
username to get out that password.
Is there any possibility to avoid such attacks?

Is there any option to limit retries for logins? Some examples:
- only 5 login tries per minute
- only 3 login tries from one IP address each day.

Or is there anything similar to this? What can I do to get rid of such
attacks?

Thanks for help!

Bye

 
 
 


Post by flas » Tue, 08 May 2001 07:49:28


no, you could make a program which detects these and adds them to the
blocked ip thing

learn perl
and use cron, crontab

Quote:> Hi everyone here!

> I have a members area installed on my homepage, so that every user has
> to type in his username and password. This still works well. I use

> AuthName "Members area"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd

> require valid-user

> But yesterday somebody tried thousands of passwords for a special
> username to get out that password.
> Is there any possibility to avoid such attacks?

> Is there any option to limit retries for logins? Some examples:
> - only 5 login tries per minute
> - only 3 login tries from one IP address each day.

> Or is there anything similar to this? What can I do to get rid of such
> attacks?

> Thanks for help!

> Bye
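
The approach suggested in this reply (a program, run from cron, that detects repeated failures and produces block entries), as an added example that is not part of the original thread. It assumes the access log is in Common Log Format and uses the "5 per minute" threshold from the question; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_offenders(lines, max_failures=5, window=timedelta(minutes=1)):
    """Return sorted client IPs with more than max_failures rejected logins
    inside any sliding window (default: the "5 per minute" from the question)."""
    recent = defaultdict(deque)  # ip -> timestamps of recent rejected logins
    offenders = set()
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        ip, user, stamp, status = m.groups()
        # A 401 with user "-" is only the initial Basic auth challenge;
        # a 401 with a username means credentials were sent and rejected.
        if status != "401" or user == "-":
            continue
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_failures:
            offenders.add(ip)
    return sorted(offenders)

def deny_rules(ips):
    """Format offenders as Apache 1.3/2.2 lines (2.4 uses 'Require not ip')."""
    return [f"Deny from {ip}" for ip in ips]

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    f'192.0.2.10 - alice [06/May/2001:21:10:{s:02d} +0200] "GET /members/ HTTP/1.0" 401 401'
    for s in range(0, 35, 5)
] + [
    '198.51.100.7 - - [06/May/2001:21:11:00 +0200] "GET /members/ HTTP/1.0" 401 401',
    '198.51.100.7 - bob [06/May/2001:21:11:05 +0200] "GET /members/ HTTP/1.0" 401 401',
    '198.51.100.7 - bob [06/May/2001:21:11:20 +0200] "GET /members/ HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    print("\n".join(deny_rules(find_offenders(SAMPLE))))
```

The log lines are assumed to be in chronological order, as a live access log is. A per-IP limit of this kind slows a single source but does not stop guesses spread over many addresses, so it complements strong passwords rather than replacing them.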


 
 
 


Post by nob.. » Tue, 08 May 2001 19:41:57


Quote:> I have a members area installed on my homepage, so that every user has
> to type in his username and password. This still works well. I use

> AuthName "Members area"
> AuthType Basic
> AuthUserFile /etc/httpd/passwd

> require valid-user

> But yesterday somebody tried thousands of passwords for a special
> username to get out that password.
> Is there any possibility to avoid such attacks?

> Is there any option to limit retries for logins? Some examples:
> - only 5 login tries per minute
> - only 3 login tries from one IP address each day.

> Or is there anything similar to this? What can I do to get rid of such
> attacks?

I'm guessing this is Apache.  There may be a specific Apache solution
but you can also use mod_pam for authentication which brings you the
full power of PAM.


 
 
 
