Lock bad password attemps

How can I lock users after too many failed attempts to login?

Status: 
Active

Comments

Howdy -- that's actually something that should occur automatically, though you may want to tweak the specifics being used.

You can configure it in Webmin -> Webmin -> Webmin Configuration -> Authentication. On that screen, you can set "Failed login blocks", which can block a host for N seconds after X failed login attempts.

tpnsolutions's picture
Submitted by tpnsolutions on Wed, 12/10/2014 - 23:37

Hi,

As another option, or to add additional protection to your system you can also look at the open source "OSSEC" intrusion detection system which amongst other great things will block users for a period of time if they fail to authenticate after a number of attempts.

We use OSSEC and have been able to sleep a lot better at night since we first deployed it, all while keeping hundreds of hackers at bay :-)

Best Regards,
Peter Knowles
TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 604-229-0715 (new)
Skype: tpnsupport
Website: http://www.tpnsolutions.com