Linux – Automatically Blacklist Failed Auth Attempts Via htaccess

apache-2.2linuxUbuntu

Ubuntu 9.10
Apache 2.2.12

Hi Guys,

I'm using a very basic htaccess setup to "protect" a portion of my site (non-critical portion but something I'd like to require basic auth to).

Is there a way to blacklist IPs that fail to provide the appropriate credentials too many times? I'd like to prevent users from having opportunities to guess username/passwords combinations over and over again…

Best Answer

Do you have root access to the server? There are a few programs that monitor log files for changes, checking for failed auth attempts. After X many failed attempts (user configurable) they then block the originating IP address (temporarily, if desired).

The two that I can remember are:

Fail2ban: install with sudo apt-get install fail2ban in Ubuntu then change the /etc/fail2ban/jail.local file (if it doesn't exist, just sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local ). The options in 'jail.local' are pretty self-explatatory but if you want more info you can check out the documentation at http://www.fail2ban.org/wiki/index.php/Main_Page
BlockHosts: (it's a little older, i'm not sure if it's still up to date) To install, follow the instructions at http://aczoom.com/cms/blockhosts
there are probably a whole heap more...

Related Solutions

Apache 2.2 – How to Redirect Root via .htaccess

Try this:

RewriteEngine on
RewriteCond %{HTTP_HOST} mysite\.com [NC]
RewriteCond %{REQUEST_URI} ^/$
Rewriterule ^(.*)$ http://mysecondsite.com/ [L,R=301]

If you don't need to check for the old domain (for example, if the directory where your .htaccess is placed is only used by the old domain) you can remove the second line.

Ubuntu – How to activate eth0 / eth1 earlier in ubuntu boot process

Unless you have done something weird networking is started before any services are started so I am a bit surprised things are not working.

I am not sure what you have in your /etc/network/interfaces file, but you may want to replace any lines like allow-hotplug eth0 with auto eth0. The hotplug option means that the interface will not be brought up until there is a fully negotiated network link.

I would also check your switch configuration. You may need to enable portfast or whatever the equivalent is on your switches. Portfast allows the computer to skip some of the negotiation related to spanning tree, vlans, and etherchannel and bring up the link faster. But you should not use this feature on any switch ports that are used to connect to other switches.

Best Answer

Related Solutions

Apache 2.2 – How to Redirect Root via .htaccess

Ubuntu – How to activate eth0 / eth1 earlier in ubuntu boot process

Related Topic