Bruteforce attack protection on Virtualmin

Besides webmin, authenthication delay for failed logis. It would be desirable a kind of fail2ban, sentry or CSF/LFD to improve security. Cpanel has a bruteforce attack protection. It would be highly disirable to have it on Virtualmin.

I saw 393 attempts until firewall blocked SSH port.

Status: 
Active

Comments

Webmin will progressively delay multiple failed logins from the same IP / user by default - so a brute force attack shouldn't be able to guess a password in any reasonable amount of time. Also, there is a fail2ban module that be configured to read Webmin logs.