Protection from brute force attack

Hello!
What about brute force attacks in Manager? Is there a mechanism which protects from this type of attack? Maybe fail2ban or other tools?

Brute force attack on what? Desktop, Server, or Cloud edition?

Desktop - possible but highly unlikely as gains would be very small

Server - that is the responsibility of the IT management

Cloud - AWS should be handling this

Server version.
I mean a brute force attack on the program, not on the server. How could the IT management team protect Manager from this type of attack? Any instructions?
I think we could use fail2ban. But I need a log file with the IP address of each failed login. Does Manager log failed login attempts?

1 Like

The log file would indeed be nice, or if there is a way we can use google reCAPTCHA on the login page, it would be a great help.

As a temporary solution I've connected an NGINX https auth proxy which writes a log to my server, and Fail2Ban which parses this log. In this case my users have to log in twice: first to connect with https auth and second to log in to Manager. It is not convenient but much more secure if your program is open to the Internet.

Do you have a small how-to on how to do this/set this up?

1. You need to install the NGINX server for your distribution.
For Debian: sudo apt-get install nginx

2. Put this configuration in the file /etc/nginx/url-adress.com

server {
    listen 8001 ssl;                        # port for external users
    server_name manager-en.jdmgroup.eu;     # URL for external users
    ssl on;
    # Let's Encrypt: cert.pem is the leaf only; fullchain.pem also ships the intermediate
    ssl_certificate /etc/letsencrypt/live/manager-en.jdmgroup.eu/cert.pem;         # ssl cert
    ssl_certificate_key /etc/letsencrypt/live/manager-en.jdmgroup.eu/privkey.pem;  # ssl key

    ssl_session_timeout 5m;

    # SSLv3/TLSv1.0/1.1 are obsolete; TLSv1.2 alone is enough for current clients
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5";         # or "HIGH:!aNULL:!MD5:!3DES"
    ssl_prefer_server_ciphers on;

    location / {
        auth_basic "Restricted";                    # For Basic Auth
        auth_basic_user_file /etc/nginx/.htpasswd;  # For Basic Auth
        proxy_pass http://127.0.0.1:8082;           # port where Manager is listening on the server machine
    }
    error_page 400 497 https://$host:8001$request_uri;
}

3. Install fail2ban
sudo apt-get install fail2ban

4. Configure fail2ban for nginx_auth

1 Like
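Step 4 above leaves the fail2ban side unspecified. As an added illustration (not from the original post), the script below applies the same detection logic fail2ban's stock nginx-http-auth filter uses to the auth_basic failure lines NGINX writes to error.log, with fail2ban's maxretry/findtime window semantics, so you can see which client IPs the jail would ban. The log lines are constructed samples using documentation IP ranges, not real traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the two auth_basic failure messages nginx writes to error.log
# (the same events fail2ban's stock nginx-http-auth filter keys on).
FAIL_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] \d+#\d+: \*\d+ '
    r'user "[^"]*"(?::? password mismatch| was not found in "[^"]*"), '
    r'client: (?P<ip>[0-9a-fA-F.:]+), '
)

def parse_failure(line):
    """Return (timestamp, client_ip) for an auth_basic failure line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"), m.group("ip")

def offenders(lines, maxretry=5, findtime=600):
    """Map IP -> time of the failure that reached maxretry inside a findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # per-IP failure timestamps still inside the window
    banned = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:        # not an auth failure (or a line we do not understand)
            continue
        ts, ip = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= maxretry and ip not in banned:
            banned[ip] = ts
    return banned

# Constructed sample of /var/log/nginx/error.log (documentation IPs, not real hosts)
_TAIL = 'server: manager-en.jdmgroup.eu, request: "GET / HTTP/1.1", host: "manager-en.jdmgroup.eu:8001"'
SAMPLE_LOG = [
    '2024/03/10 21:00:01 [error] 4242#4242: *1 user "admin": password mismatch, client: 203.0.113.7, ' + _TAIL,
    '2024/03/10 21:00:02 [error] 4242#4242: *2 user "root" was not found in "/etc/nginx/.htpasswd", client: 203.0.113.7, ' + _TAIL,
    '2024/03/10 21:00:03 [error] 4242#4242: *3 user "bob": password mismatch, client: 198.51.100.20, ' + _TAIL,
    '2024/03/10 21:00:04 [error] 4242#4242: *4 user "admin": password mismatch, client: 203.0.113.7, ' + _TAIL,
    '2024/03/10 21:00:05 [notice] 4242#4242: signal process started',
    '2024/03/10 21:00:06 [error] 4242#4242: *5 user "test" was not found in "/etc/nginx/.htpasswd", client: 203.0.113.7, ' + _TAIL,
    '2024/03/10 21:00:07 [error] 4242#4242: *6 user "admin": password mismatch, client: 203.0.113.7, ' + _TAIL,
]

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (5th failure at {when})")
```

A single mistyped password from 198.51.100.20 never reaches the threshold, while the five failures from 203.0.113.7 inside the window do; the real jail then hands that IP to its ban action.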

nice work. I like it.

Is there any guide to implementing it in the case of Windows 10 OS + Apache webserver or Caddy webserver that I could start reading?

Currently, for my personal server, I use OpenVPN to connect to my OpenVPN server, which also hosts the Manager server software. :smiley:

No.