Anti brute-force API solution
Hello,
My API is being attacked by many proxies.
I realized these are all proxies. Currently I am checking whether an IP address is a proxy by checking port 80 or 22 of that IP, then denying it.
However, the above solution, applied only on the API, makes this PHP API work very slowly.
I found this specific security mod: https://snippets.aktagon.com/snippets/563-brute-force-authentication-protection-with-modsecurity
However, when I put it in, I get an error saying it is not compatible with the nginx version.
Can anyone help me with this problem?
# Retrieve the username
SecAction phase:2,nolog,pass,initcol:USER=%{ARGS.username}

# Enforce an existing username block
SecRule USER:bf_block "@eq 1" \
    "phase:2,deny,\
    msg:'Username \"%{ARGS.username}\" blocked because of suspected brute-force attack'"

# Check that this is a POST
SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass"
    # AND Check for authentication failure and increment counters
    # NOTE this is for a Rails application, you probably need to customize this
    # The counter is kept in the USER collection, the one initialised above and tested below
    SecRule RESPONSE_STATUS "^200" \
        "setvar:USER.bf_counter=+1"

# Check for too many failures for a single username
SecRule USER:bf_counter "@ge 3" \
    "phase:5,t:none,pass,\
    setvar:USER.bf_block,\
    setvar:!USER.bf_counter,\
    expirevar:USER.bf_block=600"
Column: 29. Invalid input:
Comments
You are being attacked by L4 bots operated by Diamwall co-developed by weasel.
Pay ransom to Diamwall and they'll stop attacking.
Linux? Configure fail2ban to ban IPs based on security logs. Log incorrect logins then ban for 1 day, then increment by x2 for next attempt.
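
The fail2ban setup suggested in the comment above, written out as an added example that is not part of the thread: a filter for failed API logins plus a jail that bans for 1 day and doubles the ban on each repeat. The filter and jail name `api-auth`, the log path, the log line format, and the `maxretry`/`findtime`/`bantime.maxtime` values are assumptions; `bantime.increment` needs fail2ban 0.11 or later.

```ini
# ---- /etc/fail2ban/filter.d/api-auth.conf  (hypothetical filter name) ----
# Assumes the PHP API appends one line per failed login, for example
# (constructed sample line, not taken from the thread):
#   2024-05-01 12:00:00 AUTH_FAIL ip=203.0.113.7 user=alice
# The ip= field comes before the user-supplied name and the pattern is
# anchored at the start, so a crafted username cannot inject a fake address.
[Definition]
failregex = ^\s*AUTH_FAIL ip=<HOST> user=
ignoreregex =

# ---- /etc/fail2ban/jail.d/api-auth.local ----
[api-auth]
enabled  = true
filter   = api-auth
# Hypothetical path; point it at the file the API writes failures to.
logpath  = /var/log/api/auth.log
port     = http,https

# Assumed threshold: 5 failures from one address within 10 minutes.
maxretry = 5
findtime = 10m

# First ban lasts 1 day.
bantime  = 1d
# Repeat offenders: with the default formula and factor 1 the ban
# doubles each time the same address is banned again (1d, 2d, 4d, ...).
bantime.increment = true
bantime.factor    = 1
# Assumed upper bound so the ban time does not grow without limit.
bantime.maxtime   = 4w
```

If the API sits behind nginx or another reverse proxy, the address written to the log must be the real client address, otherwise the jail bans the proxy. `fail2ban-regex /var/log/api/auth.log /etc/fail2ban/filter.d/api-auth.conf` shows whether the filter matches before the jail is enabled.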