Is ISPConf Admin panel brute force attack safe?

Discussion in 'General' started by Bashewa, Jul 13, 2011.

  1. Bashewa

    Bashewa Member

    Hi Guys

    Just want to know is my ISPConfig panel on port 8080 protected from brute force attacks trying to guess username and password?

    I dont see any jails for it in fail2ban is it possible to set one up?

    :confused:

    Thanks

    Alex
     
    Bashewa, Jul 13, 2011
    #1
  2. falko

    falko Super Moderator Howtoforge Staff

    I don't think so because failed login attempts aren't logged anywhere, so fail2ban cannot know about them.

    Better use a strong password. ;)
     
    falko, Jul 13, 2011
    #2
  3. erosbk

    erosbk New Member

    Ok, is it possible to add log for failed loggins? I already detected attacks to ispconfig in my logs...
     
    erosbk, Jul 14, 2011
    #3
  4. pititis

    pititis Member

    Hi,

    you can check the attempts_login table in the database.

    Cheers
     
    pititis, Jul 14, 2011
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig has its own mecahnism to block brute force attcks builtin (similar to what fail2ban is doing). So there is no need to use fail2ban for ispconfig logins.
     
    till, Jul 16, 2011
    #5
  6. Bashewa

    Bashewa Member

    Is there anyway of adjusting the inbuilt brute force protection?

    I.E. number of attempts and length of ban time?
     
    Bashewa, Jul 16, 2011
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Not without modifying the code of the login.php script.
     
    till, Jul 16, 2011
    #7

Share This Page