Softaculous


Topic : Configure Brute Force Detection


Posted By: peopleinside on September 6, 2014, 3:35 pm
Hi,
I have installed Brute Force Detection. I see in the config file via SSH that I should insert my email address for notifications. Are there other options that I have to edit, or is this module already active by default after installing it?

Thanks


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.

Posted By: peopleinside on September 6, 2014, 5:20 pm | Post: 1
VERY IMPORTANT:

Some minutes after setting up my email address for notifications, I received an email with 35 failed login attempts from an IP in China that tried to log in to SSH with different usernames, admin and root.

So it's very important that Webuzo make it easier to set up the notification email when a user installs this module, or show an install confirmation message with a link to let the user know how to set up notifications.

A question:

In the email log I can see 35 failed login attempts.
With the default settings, after what number of failed logins is an IP banned?

Question 1:
How can I check the ban list of Brute Force Detection?

Thanks
I want to look into the log to know what happened before today; for one year I have had Brute Force with no email alert set up.

Now that I have discovered this, I have turned off SSH and FTP access.

Question 2:
Does Brute Force Detection also work for FTP access, monitoring and blocking attacks there too, or only for access to SSH?

Question 3:
If FTP is also Brute Force protected, maybe it could be possible to have FTP access enabled and SSH disabled (now, from what I see, it is not possible). Could this be possible in the future, if it makes sense to have SSH disabled but FTP enabled when there is no Brute Force attack notification problem?

For example, now I have discovered my SSH is under attack, so I disabled it. If Brute Force notifies me of an attack on FTP, I will turn that one off too. For now I see only one button that disables FTP and SSH.

Thanks.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.

Posted By: peopleinside on September 6, 2014, 5:58 pm | Post: 2
I have made a mistake.

If you disable SSH you don't disable FTP, but I use SFTP,
so it's normal that if I disable SSH, SFTP is not available.

My mistake.




-----------------------
PeopleInside  :angel:

Web, security, open source passionate.

Posted By: peopleinside on September 6, 2014, 6:45 pm | Post: 3
Question 3 does not need a reply.

New Question 4:
Is there a way to monitor all successful login attempts in SSH?

I have read it's possible with DenyHost (http://www.tecmint.com/5-best-practices-to-secure-and-protect-ssh-server/)

After how many failed attempts does Brute Force ban an IP? I don't understand why my log email alerted me to 35 failed login attempts from the same IP. Maybe I have to check a setting where the ban is set?

Thanks for the patience and the reply.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.

Posted By: valley on September 9, 2014, 6:26 am | Post: 4
Sir, you can check the logs here:
/var/log/bfd_log

You can learn more about BFD from their official site
https://www.rfxn.com/projects/linux-environment-security/

-----------------------
Webuzo : Single User Control Panel
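
For the questions above about repeated failures from one IP and about seeing successful SSH logins, the sshd authentication log can be summarized directly. This is an added example, not code from the thread or from BFD; it assumes the standard OpenSSH syslog line format, uses constructed sample lines, and its `threshold` is an illustrative value, not BFD's setting.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Sep  6 17:01:12 host sshd[1234]: Failed password for root from 203.0.113.7 port 51234 ssh2
Sep  6 17:01:15 host sshd[1236]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Sep  6 17:01:19 host sshd[1238]: Failed password for root from 203.0.113.7 port 51251 ssh2
Sep  6 17:02:40 host sshd[1250]: Failed password for invalid user x from 10.0.0.1 port 1 from 198.51.100.9 port 40100 ssh2
Sep  6 17:30:02 host sshd[1300]: Accepted publickey for webuser from 198.51.100.20 port 40022 ssh2
Sep  6 17:31:00 host CRON[1310]: pam_unix(cron:session): session opened for user root
"""

# The user field is greedy, so the source IP is taken from the LAST
# " from <ip> port <n>" on the line (the one sshd wrote), not from text
# a client placed inside the username it tried.
LINE = re.compile(
    r"^(?P<ts>.*?) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh2.*)?$"
)

def summarize(log_text, threshold=3):
    """Return (failed per IP, accepted logins, IPs at or over threshold)."""
    failed = defaultdict(lambda: {"count": 0, "users": set()})
    accepted = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd login result line
        if m["result"] == "Failed":
            failed[m["ip"]]["count"] += 1
            failed[m["ip"]]["users"].add(m["user"])
        else:
            accepted.append((m["ts"], m["user"], m["ip"], m["method"]))
    over = {ip: e for ip, e in failed.items() if e["count"] >= threshold}
    return dict(failed), accepted, over

if __name__ == "__main__":
    failed, accepted, over = summarize(SAMPLE_LOG)
    for ip, e in sorted(over.items()):
        print(f"{ip}: {e['count']} failed logins, users tried: {sorted(e['users'])}")
    for ts, user, ip, method in accepted:
        print(f"accepted: {ts} {user} from {ip} via {method}")
```

To run it on a real server, pass the contents of the sshd log (commonly `/var/log/secure` on RHEL-family systems or `/var/log/auth.log` on Debian-family systems) to `summarize()` instead of the sample.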