HTACCESS issue. Proxy brute force attacks. Help me!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Miura
    Confirmed User
    • Jan 2005
    • 278

    #1

    HTACCESS issue. Proxy brute force attacks. Help me!

    How can I limit the number of failed login attempts (passwd authentification thru htaccess) to once every 30 seconds for example to prevent proxy brute force attacks and reduce my server's load? Is there any way to configure mod_auth and add a line in the .htaccess file to do that?
    I use pennywize but its not enough. I am getting a massive attack and absolutely need to stop it. Each attack (failed request) is leaving a process unfinished, so the server kills the "child" process left open by the "parent" after a relatively long period of time making the server load very high. Even if I reduce it, getting so many failed requests per second is just too much and I might prevent access to legit members.
    Thanks in advance for any help you kind people may give me.
    Alex
  • NaughtyRob
    Two fresh affiliate progs
    • Nov 2004
    • 29602

    #2
    Damn, that sucks. We were getting attacked last week. Our server guys handles it and was having a tough time.
    [email protected]
    Skype: 17026955414
    Vacares Web Hosting - Protect Your Ass with Included Daily Backups

    Comment

    • fusionx
      Confirmed User
      • Nov 2003
      • 4618

      #3
      Originally posted by Miura
      How can I limit the number of failed login attempts (passwd authentification thru htaccess) to once every 30 seconds for example to prevent proxy brute force attacks and reduce my server's load? Is there any way to configure mod_auth and add a line in the .htaccess file to do that?
      I use pennywize but its not enough. I am getting a massive attack and absolutely need to stop it. Each attack (failed request) is leaving a process unfinished, so the server kills the "child" process left open by the "parent" after a relatively long period of time making the server load very high. Even if I reduce it, getting so many failed requests per second is just too much and I might prevent access to legit members.
      Thanks in advance for any help you kind people may give me.
      There's not much you can do when they are using proxies, at least based on time between login attempts.

      I'd suggest you contact Ray Morris and ask him. I'm almost positive his Strongbox software will handle this. If he's online he'll probably get it installed right away. I can't speak for him, of course, but he seems to be like that

      Ray's ICQ is 7-208-627

      Comment

      • Miura
        Confirmed User
        • Jan 2005
        • 278

        #4
        Originally posted by fusionx
        There's not much you can do when they are using proxies, at least based on time between login attempts.

        I'd suggest you contact Ray Morris and ask him. I'm almost positive his Strongbox software will handle this. If he's online he'll probably get it installed right away. I can't speak for him, of course, but he seems to be like that

        Ray's ICQ is 7-208-627
        Thank you very much! I'll get in touch with him and see if his soft can help.
        Alex

        Comment

        • Beerbar
          Confirmed User
          • Oct 2004
          • 145

          #5
          I had the same issues when running just pennywise. I now use proxypass as well, it has stopped all the brute force proxy attacks cold.

          http://www.proxypass.com/

          I run both pennywise and proxypass because I like the reporting functions for member access with pennywise, they recommend not to it because of server load concerns but I've not had any problem have both running so far.

          Comment

          • hyper
            Confirmed User
            • Mar 2002
            • 5294

            #6
            http://www.bettercgi.com/strongbox/

            Comment

            • Miura
              Confirmed User
              • Jan 2005
              • 278

              #7
              Originally posted by Beerbar
              I had the same issues when running just pennywise. I now use proxypass as well, it has stopped all the brute force proxy attacks cold.

              http://www.proxypass.com/

              I run both pennywise and proxypass because I like the reporting functions for member access with pennywise, they recommend not to it because of server load concerns but I've not had any problem have both running so far.
              Looks really good but at $50/month I find it expensive. Pennywize + ProxyPass = $90/month.
              Alex

              Comment

              • Beerbar
                Confirmed User
                • Oct 2004
                • 145

                #8
                Yea, each site is different, you just have to figure out if its worth it for your site. 90$ per month verses wasted time dealing with hacked membership accounts, rebill cancellations and bandwidth usage caused by hacked passwords.

                Comment

                • Miura
                  Confirmed User
                  • Jan 2005
                  • 278

                  #9
                  Originally posted by Beerbar
                  Yea, each site is different, you just have to figure out if its worth it for your site. 90$ per month verses wasted time dealing with hacked membership accounts, rebill cancellations and bandwidth usage caused by hacked passwords.
                  Every login is the member's e-mail address + an auto-generated password made of 8 characters with Upper/lowercase characters so all the attempts to hack in always fail. 99% of attacks are dictionary or single word/numbers combinations. I have never had a login compromised in 7 years of running the site. My problem is the server load.
                  Alex

                  Comment

                  Working...