New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Urgent! CSF IP block due to repeated login failure
Hi,
I have a dedicated box and one of my client regularly types wrong password most of the time and due to which IP gets blocked and He cannot login.
Problem what i see:
- They type wrong password on webmail.
- They have a wrong setup which tries to login using mobile/tablets.
Once its unblocked it works for them and suddenly IP gets blocked due to repeated failures (i doubt this may be through mobile/tablets).
Since they have several mail ids, My customer asks me to block only email account which tries to wrongly login and not the entire domain or IP.
Can this be done? Or any alternative solutions?
Kindly assist.
Thanks,
Puneetha
Comments
Thanks. What if IP regularly changes? Since they might be using a BROADBAND connection.
Try delete the ip from csf.deny file then restart csf.
Setup dynamic dns and use csf.dyndns ?
No.
CSF log IP and block particular IP with multiple incorrect login, not by email account.
or automatically unblock in 5 minutes, nobody will bruteforce something if has to wait 5 minutes but somene who knows is inept at passwords will have the patience to wait.
Don't compromise security for some idiot who keeps typing in the wrong password all the time.
iptables -L INPUT -v -n | grep IP_HERE
iptables -A INPUT -s IP_HERE -j DROP
save and restart
I assume you're talking about a VPS here, so you might think about allowing the SSH access based on MAC address with something like this:
iptables -I INPUT -p tcp --dport 22 -m mac --mac-source MAC_HERE -j ACCEPT
I guess your client is using dynamic IP?
If static, just use @Maounique solution