Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Urgent! CSF IP block due to repeated login failure
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Urgent! CSF IP block due to repeated login failure

Hi,

I have a dedicated box and one of my client regularly types wrong password most of the time and due to which IP gets blocked and He cannot login.

Problem what i see:

  1. They type wrong password on webmail.
  2. They have a wrong setup which tries to login using mobile/tablets.

Once its unblocked it works for them and suddenly IP gets blocked due to repeated failures (i doubt this may be through mobile/tablets).

Since they have several mail ids, My customer asks me to block only email account which tries to wrongly login and not the entire domain or IP.

Can this be done? Or any alternative solutions?

Kindly assist.

Thanks,
Puneetha

Comments

  • @Jack said:
    -ca, --callow ip Allow an IP in a Cluster and add to /etc/csf.allow

    Thanks. What if IP regularly changes? Since they might be using a BROADBAND connection.

  • Try delete the ip from csf.deny file then restart csf.

  • netider said: Thanks. What if IP regularly changes? Since they might be using a BROADBAND connection.

    Setup dynamic dns and use csf.dyndns ?

  • No.

    CSF log IP and block particular IP with multiple incorrect login, not by email account.

  • MaouniqueMaounique Host Rep, Veteran

    or automatically unblock in 5 minutes, nobody will bruteforce something if has to wait 5 minutes but somene who knows is inept at passwords will have the patience to wait.

  • Don't compromise security for some idiot who keeps typing in the wrong password all the time.

    iptables -L INPUT -v -n | grep IP_HERE
    iptables -A INPUT -s IP_HERE -j DROP
    save and restart

    I assume you're talking about a VPS here, so you might think about allowing the SSH access based on MAC address with something like this:

    iptables -I INPUT -p tcp --dport 22 -m mac --mac-source MAC_HERE -j ACCEPT

  • @netider said:

    I guess your client is using dynamic IP?

    If static, just use @Maounique solution

Sign In or Register to comment.