Submitted by jorgecardenas1 on Fri, 12/11/2015 - 22:29 Pro Licensee
Besides webmin, authenthication delay for failed logis. It would be desirable a kind of fail2ban, sentry or CSF/LFD to improve security. Cpanel has a bruteforce attack protection. It would be highly disirable to have it on Virtualmin.
I saw 393 attempts until firewall blocked SSH port.
Status:
Active
Comments
Submitted by JamieCameron on Fri, 12/11/2015 - 22:45 Comment #1
Webmin will progressively delay multiple failed logins from the same IP / user by default - so a brute force attack shouldn't be able to guess a password in any reasonable amount of time. Also, there is a fail2ban module that be configured to read Webmin logs.