How to block incorrect login attempts (dictionary attacks) using Fail2Ban
If your Asternic CCStats installation is exposed to the public Internet, your server will be the target of multiple attacks, including password dictionary attacks.
You can use Fail2Ban on your server to proactively deny access to hosts that make repeated bad login attempts, by adding a dedicated filter and jail configuration for it.
On a standard Fail2Ban installation on Centos/Redhat based systems, you should do the following:
Create the file /etc/fail2ban/filter.d/asternic.conf with this content:

[INCLUDES]
before = common.conf

[Definition]
failregex = ^%(__prefix_line)s <HOST> .*"(GET|POST|HEAD) /.*ajax-message.php\?message=Bad\+username.*$
ignoreregex =
Then create another file, with this content:

[asternic]
enabled = 1
logpath = /var/log/httpd/ssl_request_log
maxretry = 5
bantime = 43200
ignoreip = 127.0.0.1
Note that the file above points at the https/ssl access log of Apache on CentOS; if you do not use https/ssl, set logpath to /var/log/httpd/access_log instead. On other distributions such as Debian/Ubuntu, the access log is most probably located at /var/log/apache2/access.log.
After adding the two files, restart fail2ban:
systemctl restart fail2ban
From then on, your server will ban any host that makes 5 incorrect login attempts to Asternic CCStats Pro within Fail2Ban's findtime window.
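To check how the filter and jail above behave before relying on them, here is an added example (not part of the original page or of Asternic's software) that replays constructed ssl_request_log lines through the same failregex and the jail's maxretry/ignoreip settings. The Fail2Ban macros __prefix_line and <HOST> are replaced by a plain stand-in for Apache's bracketed timestamp and client IP, and findtime is assumed at Fail2Ban's default of 10 minutes; the sample log lines are constructed, not real.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The page's failregex, with Fail2Ban's %(__prefix_line)s and <HOST> macros replaced
# by a plain stand-in (assumption: Apache ssl_request_log lines of the form
# "[timestamp] client-ip protocol cipher "request" bytes").
FAILREGEX = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+(?P<host>[\w\-.]+) .*"(?:GET|POST|HEAD) /.*'
    r'ajax-message\.php\?message=Bad\+username.*$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
MAXRETRY = 5                      # as in the jail above
FINDTIME = timedelta(minutes=10)  # Fail2Ban default findtime; the jail above does not override it
IGNOREIP = {"127.0.0.1"}          # as in the jail above

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME, ignoreip=IGNOREIP):
    """Return the hosts that hit maxretry failures inside one findtime window."""
    failures = defaultdict(list)
    for line in lines:
        m = FAILREGEX.match(line)
        if m and m.group("host") not in ignoreip:
            failures[m.group("host")].append(datetime.strptime(m.group("ts"), TS_FORMAT))
    banned = set()
    for host, times in failures.items():
        times.sort()
        # slide a window of maxretry failures; ban if the window fits inside findtime
        if any(times[i + maxretry - 1] - times[i] <= findtime
               for i in range(len(times) - maxretry + 1)):
            banned.add(host)
    return banned

def _line(ts, host, path="/stats/ajax-message.php?message=Bad+username"):
    """Build one constructed ssl_request_log line (sample data, not a real log)."""
    return f'[{ts}] {host} TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST {path} HTTP/1.1" 312'

SAMPLE_LOG = (
    [_line(f"23/Mar/2024:10:0{i}:00 +0000", "203.0.113.5") for i in range(5)]     # 5 failures in 4 min
    + [_line("23/Mar/2024:10:00:30 +0000", "198.51.100.7", "/stats/index.php")]  # ordinary page, no match
    + [_line(f"23/Mar/2024:10:0{i}:10 +0000", "198.51.100.7") for i in range(2)]  # 2 failures, under maxretry
    + [_line(f"23/Mar/2024:10:0{i}:20 +0000", "127.0.0.1") for i in range(6)]     # 6 failures, but ignoreip
    + [_line(f"23/Mar/2024:1{i}:00:00 +0000", "192.0.2.9") for i in range(5)]     # 5 failures, one per hour
)

if __name__ == "__main__":
    print(sorted(hosts_to_ban(SAMPLE_LOG)))  # ['203.0.113.5']
```

On the server itself, `fail2ban-regex /var/log/httpd/ssl_request_log /etc/fail2ban/filter.d/asternic.conf` performs the equivalent check of the real filter against the live log.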