Plesk brute force rules

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

The default Plesk login brute force rules don't seem strict enough to me.

Unlike the situation with email brute force, where you have to allow for users doing daft things or not realising their device has the wrong password and letting it retry endlessly, brute force attacks on Plesk itself, especially using the admin username, need pretty immediate action, I think.

What I'm seeing is something in the region of 128 login attempts before either 17506 or 17507 kick in.

I don't know how quickly ossec-hids can react, but personally I'd like a shun after 30 seconds at most. So maybe 5 to 10 failures in 30 seconds.

Is there a safe way to edit the current rules? Or do I have to create a custom rule?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
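
An added example, not part of the original posts and not Atomicorp's own rule set: a stock OSSEC composite rule for `local_rules.xml` that expresses the threshold asked for above (about 5 failures in 30 seconds from one source IP). The rule ID 100100, the level, the group names, and `PLESK_FAILED_LOGIN_SID` (a placeholder for the SID of the rule that matches a single failed Plesk login, which the thread does not give) are assumptions.

```xml
<!-- local_rules.xml: added example; rule ID, level and group names are assumptions -->
<group name="local,plesk,">
  <!-- OSSEC fires a composite rule on match number frequency+2,
       so frequency="3" triggers on the 5th failure inside the timeframe. -->
  <rule id="100100" level="10" frequency="3" timeframe="30">
    <!-- Placeholder: replace with the SID of the rule that matches ONE failed Plesk login -->
    <if_matched_sid>PLESK_FAILED_LOGIN_SID</if_matched_sid>
    <!-- Count only failures that share the same source IP -->
    <same_source_ip />
    <description>Plesk panel: repeated login failures from one IP within 30 seconds</description>
    <group>authentication_failures,</group>
  </rule>
</group>
```

Whether a match leads to a shun depends on the active-response configuration covering this rule's level or ID; `ossec-logtest` can replay sample log lines against the rule before it is relied on.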
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4120
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Could you share your logs?
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Done. #1470 in zendesk.