Closed GoogleCodeExporter closed 9 years ago
Very useful option I think.
After successful login you can do:
# echo -"your_rem_ip" > /proc/net/xt_recent/blacklist
or
# echo / > /proc/net/xt_recent/blacklist
the first one removes ip address, which you connected (your_rem_ip) from
blacklist
the second - cleans blacklist
Original comment by d...@soulblader.com
on 9 May 2014 at 2:16
I don't agree that it is very useful that a *successful* login creates an entry
in the blacklist! For my understanding, the blacklist shall prevent hackers to
enter my account with brute force, as it blocks access after the third false
attempt. Once somebody got my password and entered my account, he can do
anything he wants, including changing the password and deleting the blacklist.
So, this option doesn't add any secuurity once the account was hacked. But it
forces me to write a .login script that removes "my_rem_ip" from the blacklist
after every login (from hotel, mobile network etc.). I would prefer if only
login failures would create an entry in the blacklist.
By the way - is there an option to block specific IP adresses from VPN access
forever? For example, block the Chinese 183.60.48.25 and 14.17.35.181 who scan
IP adresses worldwide and try VPN access every second day?
Original comment by ulysses....@gmail.com
on 9 May 2014 at 7:25
Sure it is.
Add to /etc/storage/post_iptables_script.sh something like:
iptables -I INPUT -s 183.60.48.25 -j DROP
You know, it is called "SSH Server Brute-force protection" by Andy, and it is
implemented by ipfilter. So it can be used for any other traffic. That's why I
think it is very useful. BTW, openssh has its own implementation of brute-force
protection. There are some options like MaxStartups etc.
Original comment by d...@soulblader.com
on 10 May 2014 at 8:23
Original issue reported on code.google.com by
ulysses....@gmail.com
on 6 May 2014 at 9:18