authentication block

3 posts / 0 new
Last post
#1 Wed, 10/18/2006 - 16:19
WilliamWilson

authentication block

using virtualmin pro

Where are the settings for blocking an IP after too many failed login attempts to virtualmin. It appears to only block for a few minutes, is that correct?

this is the message I received, after typeing my password wrong about 3 or 4 times

Error - Access denied for ??.??.??.??. The host has been blocked because of too many authentication failures.

Wed, 10/18/2006 - 16:57
Joe
Joe's picture

Hey William,

You'll find all of the authentication settings in Webmin:Webmin:Webmin Configuration:Authentication. i.e. click the Webmin link in the right corner of the left hand menu, open up the Webmin category menu, click on Webmin Configuration. Finally, in the right content page click on Authentication.

There you can find all of the various authentication related security settings. The default timeout for failed login attempts is 60 seconds, and the number of wrong passwords is 5, but you can change them. I wouldn't change them too much though, as their purpose is to prevent brute force attacks, which are a very real threat (I've only a system compromised via any other means once, while I've seen brute force compromises due to weak passwords dozens of times).

--

Check out the forum guidelines!

Thu, 10/19/2006 - 08:37
WilliamWilson

perfect, found it thanks, no 5 attempts seems good to me, and I actually raised the timeout to 120 seconds. Just wanted to find out where it was.
Thanks

Topic locked