VNC too many security failures

How to fix this?

It comes every 10-15 minutes when I try to log in to it, and I had to reboot the server and restart the vncserver each time... :/

Thanks.

Comments

  • Limiting the IPs that can access your VNC port to your own IPs using a firewall is probably one of the easiest methods to secure your VNC.

    Thanked by 1 reikuzan
  • I have a dynamic IP :( damn my ISP

  • SSH port forwarding, VPN...

  • Change ssh port to something random and disable root login. Then open ssh and whatever has to be open. Tunnel everything else through ssh that you need. That includes ssh and whatever else.

    Thanked by 1 reikuzan
  • Nvm, my friend told me to set the blacklist timeout to zero, somehow it worked...

    vnc4server :1 -blacklisttimeout 0

    Thx all.

  • @sureiam said:
    Change ssh port to something random and disable root login. Then open ssh and whatever has to be open. Tunnel everything else through ssh that you need. That includes ssh and whatever else.

    Seems a little bit difficult to me, but thanks anyway.

  • Try installing fail2ban

    Thanked by 1 reikuzan
  • Misleading title. I thought VNC had so many security issues. -_-

  • @budi1413 said:
    Misleading title. I thought VNC had so many security issues. -_-

    Lol sorry, I'm new around here. And obviously I'm bad at English...

  • Clouvider Member, Patron Provider

    @reikuzan said:
    Nvm, my friend told me to set the blacklist timeout to zero, somehow it worked...

    vnc4server :1 -blacklisttimeout 0

    Thx all.

    Of course it did, now you’re going to be far easier to brute force. Great solution :-).

    Thanked by 2 jetchirag Gods
  • jetchirag Member
    edited April 2018

    @reikuzan said:
    Nvm, my friend told me to set the blacklist timeout to zero, somehow it worked...

    vnc4server :1 -blacklisttimeout 0

    Thx all.

    From xvnc manual:

    Connections from a blacklisted IP address will be ignored, initially for a period of BlacklistTimeout seconds, but this period will double for each subsequent unsuccessful connection attempt thereafter until a successful attempt is made.

    and

    Specify a number of seconds during which connections from the VNC Viewer computer identified by BlacklistThreshold are forbidden. After this time, one further unsuccessful authentication attempt is permitted before BlacklistTimeout is doubled and applied again.

    So by setting this limit to zero, you are basically disabling the blacklist feature.
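
Added example (not from the thread or the Xvnc manual): a small Python model of the backoff described in the manual text quoted above, comparing how many failed logins one address gets with a non-zero timeout versus `-blacklisttimeout 0`. The threshold of 5, the timeout of 10 seconds and the one second per attempt are assumed sample values, and the function names are hypothetical.

```python
"""Model of the blacklist backoff described in the quoted Xvnc manual text."""


def guesses_allowed(window_s, threshold, timeout_s, attempt_s=1.0):
    """Count the failed logins one IP can make within window_s seconds.

    After `threshold` failures the IP is ignored for `timeout_s` seconds;
    every further failure doubles the timeout. `attempt_s` is an assumed
    duration for a single login attempt.
    """
    clock, guesses, failures, block = 0.0, 0, 0, timeout_s
    while clock + attempt_s <= window_s:
        clock += attempt_s
        guesses += 1
        failures += 1
        if failures >= threshold:
            clock += block   # blacklisted: connections from this IP are ignored
            block *= 2       # next failure waits twice as long; 0 stays 0
    return guesses


def seconds_to_try(n_guesses, threshold, timeout_s, attempt_s=1):
    """Time until the n-th failed login has been made (closed form)."""
    blocks = max(0, n_guesses - threshold)        # timeouts served so far
    return n_guesses * attempt_s + timeout_s * (2 ** blocks - 1)


def compare(window_s, threshold=5, timeout_s=10):
    """Guesses in the window with the blacklist on, and with timeout 0."""
    return {
        "blacklist_on": guesses_allowed(window_s, threshold, timeout_s),
        "timeout_zero": guesses_allowed(window_s, threshold, 0),
    }


if __name__ == "__main__":
    for label, window in (("1 hour", 3600), ("1 day", 86400)):
        print(label, compare(window))
    # With the doubling timeout, even 30 guesses take thousands of years.
    years = seconds_to_try(30, 5, 10) / (365 * 86400)
    print(f"30 guesses with backoff: about {years:,.0f} years")
    print("30 guesses with timeout 0:", seconds_to_try(30, 5, 0), "seconds")
```

In this model the doubling timeout holds a single address to 18 guesses in a day, while a timeout of zero leaves only the speed of the connection as a limit.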

  • Hmmm, any ideas for a better way? Maybe a guide so I can learn?

  • Gods Member

    @reikuzan said:
    Hmmm, any ideas for a better way? Maybe a guide so I can learn?

    Get a VPN or proxy. Get one preferably with a static IP. For VPNs you can connect to certain nodes to get the same IP over and over again. Whitelist that IP.

    Or wanna get really stealthy?

    Implement port knocking. Essentially, you select 3 ports to be "knocked" in a sequence within a certain time frame. This will prompt the knocking program on your server to create a firewall rule to allow connections from your IP to a specific port. After you're finished, you "knock" 3 other different ports in a sequence within a certain time frame. This will trigger your knocking program on your server to delete the previous firewall rule.

    Here is an article: https://blog.rapid7.com/2017/10/04/how-to-secure-ssh-server-using-port-knocking-on-ubuntu-linux/

    This essentially makes your ports invisible. This is usually used for SSH. To do this within a browser, you can use JavaScript to initiate the port knocks to open and close the ports.

    Hope this helped

    Thanked by 1 reikuzan