Has anyone tried to fail2ban wordpress

I am 100% sure that Hestia logins are already banned (including attempts via API in 1.4).
Same for SSH, SFTP (as it is SSH), SMTP and IMAP…

phpMyAdmin should be enabled somehow. (Same as for phpPgAdmin in enabled)

@eris Just did a quick search on Google…

[Definition]
failregex = ^<HOST> -.*"(GET|POST).*/phpmyadmin/index\.php\?pma_username=root&pma_password=.*$
ignoreregex =

[phpmyadmin]
enabled = true
port = http,https
filter = phpmyadmin
action = iptables-multiport[name=PHPMYADMIN, port="http,https", protocol=tcp]
logpath = /var/log/nginx/access.log
bantime = 3600
findtime = 60
maxretry = 3
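
To see what the filter and jail settings above actually catch, here is an added example (not code from the thread's posters or from fail2ban) that runs the posted failregex over constructed nginx access-log lines and applies the findtime/maxretry window. The IPv4-only `<HOST>` substitute, the sample lines and the `would_ban` helper are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; an assumption of this sketch).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile(
    r'^<HOST> -.*"(GET|POST).*/phpmyadmin/index\.php\?pma_username=root&pma_password=.*$'
    .replace("<HOST>", HOST))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")
FINDTIME, MAXRETRY = 60, 3  # values from the [phpmyadmin] jail in the post above

# Constructed sample lines (nginx "combined" format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2021:10:00:01 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=a HTTP/1.1" 200 512 "-" "curl"
203.0.113.7 - - [10/Mar/2021:10:00:05 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=b HTTP/1.1" 200 512 "-" "curl"
203.0.113.7 - - [10/Mar/2021:10:00:09 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=c HTTP/1.1" 200 512 "-" "curl"
198.51.100.9 - - [10/Mar/2021:10:00:10 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:10:00:11 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:10:00:12 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2021:10:01:00 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=x HTTP/1.1" 200 512 "-" "curl"
192.0.2.44 - - [10/Mar/2021:10:02:30 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=y HTTP/1.1" 200 512 "-" "curl"
192.0.2.44 - - [10/Mar/2021:10:04:00 +0000] "GET /phpmyadmin/index.php?pma_username=root&pma_password=z HTTP/1.1" 200 512 "-" "curl"
"""

def would_ban(log_text):
    """Return hosts whose matching lines reach MAXRETRY within FINDTIME seconds.

    Assumes the log lines are in chronological order.
    """
    hits, banned = defaultdict(deque), []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue  # line is invisible to the jail
        when = datetime.strptime(TIMESTAMP.search(line).group(1),
                                 "%d/%b/%Y:%H:%M:%S %z")
        window = hits[m["host"]]
        window.append(when)
        # Drop failures that fell out of the findtime window.
        while (when - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY and m["host"] not in banned:
            banned.append(m["host"])
    return banned

if __name__ == "__main__":
    print(would_ban(SAMPLE_LOG))
```

Only the first address is reported: the POST lines carry no credentials in the logged URL, so the filter never counts them, and the third client's attempts are spaced wider than findtime. On a live system, `fail2ban-regex` performs the same kind of check against the real log and filter.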

Hi @liamgibbins ,

How are you doing with that rule? Is it working okay? Have you banned many attempts so far?

@jlguerrero I haven’t looked to be honest but I have done several more tests and it’s working.

I still need to find the time to make the loop rule.

I did a quick Google and found this page that helps combat clever bots. I found this very interesting, especially the randomised bantimes; you can also make your own formula for the ban time.

This option is very interesting and easy to set up BUT

  • customers might get banned over time several times. This rule should not be applied on customers' logins or we would be punishing our customers or ourselves.
  • recidive works perfectly and you don’t have to come up with a formula.

It’s an option, I am looking at using it for email and SSH as I have a lot of attempts on my system from these and see how it works…

Probably start with something like 50 login attempts in 10 mins and work it from there up and down on the attempts to see where the sweet spot is.

The feature to randomise bantime within a range is good to help combat clever bots.

Enable the “blacklist” ipset in the panel; login attempts will go down a lot.

Will follow later with an update on how to do it in the docs, or just search the forum.


@eris thank you, will leave this thread now, can see you're busy with the new update

I ban for 3600 seconds if 4 attempts fail within 600 seconds for the ssh jail.

And recidive 1 week

https://docs.hestiacp.com/admin_docs/settings/firewall.html
