store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Fri Nov 22, 2019 10:45 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Plesk brute force rules
Unread postPosted: Thu Mar 16, 2017 10:48 am 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
The default Plesk login brute force rules don't seem strict enough to me.

Unlike the situation with email brute force, where you have to allow for users doing daft things or not realising their device has the wrong password and letting it retry endlessly, brute force attacks on Plesk itself, especially using the admin username, need pretty immediate action, I think.

What I'm seeing is something in the region of 128 login attempts before either 17506 or 17507 kick in.

I don't know how quickly ossec-hids can react, but personally I'd like a shun after 30 seconds at most. So maybe 5 to 10 failures in 30 seconds.

Is there a safe way to edit the current rules? Or do I have to create a custom rule?

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: Plesk brute force rules
Unread postPosted: Wed Mar 22, 2017 5:53 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
Could you share you logs?

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: Plesk brute force rules
Unread postPosted: Thu Mar 23, 2017 8:09 am 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
Done. #1470 in zendesk.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group