# Banning clients in ocserv works with a point system. IP addresses
# that get a score over that configured number are banned for
# min-reauth-time seconds. By default a wrong password attempt is 10 points,
# a KKDCP POST is 1 point, and a connection is 1 point. Note that
# due to different processes being involved the count of points
# will not be real-time precise. Local subnet IPs are exempt to allow
# services that check for process health.
#
# Set to zero to disable.
max-ban-score = 80
# The time (in seconds) that all score kept for a client is reset.
ban-reset-time = 1200
# In case you'd like to change the default points.
#ban-points-wrong-password = 10
#ban-points-connection = 1
#ban-points-kkdcp = 1
使用的anylink版本 ?
使用操作系统的类型和版本?
使用linux 内核版本?
遭遇到了爆破登录尝试,虽然anylink安全很高,但总归是会对服务器造以及数据库成压力。 建议添加类型
ocserv
的防爆破功能,单位时间内登录失败次数达到特定次数,限制用户接下来一段时间不可登录。爆破的相关日志如下:
![image](https://github.com/bjdgyc/anylink/assets/20103297/ba5a9c93-7bce-4cde-9289-0c6227030aff)