Implement fail2ban to prevent brute force attack on a web site (using standard user authentication); work when the number of tries = maxretry+1

CKSoon

4/30/23, 1:48 AM

I am working on an course assignment to implement fail2ban to prevent brute force attack on a web site (using standard user authentication). I have set up my apache web server as well as fail2ban setting in my jail.local as follow:

[apache-auth] enabled = true port = http,https logpath = /var/log/httpd/demo-error_log maxretry = 3 bantime = 300

The sequence only works on the 4th failed attempt to block/ 'ban' the ip. The IP address was captured correctly in my logfile.

When I do the debugging, I observed that the authentication part only kicks in after the 3rd attempt, and I can only succeed on the 4th attempt.

Changing the maxretry to '4', I succeed on the 5th attempt (,ie. succeed only on maxretry+1)

Where could be the possible issue(s)? For guidance please. Thank you!

0 + 0

fail2ban

Score:1

Server

Chris Heath

4/30/23, 2:41 AM

This is working as expected.

maxretry is how many attempts will be tolerated so you will get a ban after maxretry+1 attempts

reference: https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server

0 + 0

CKSoon

4/30/23, 3:08 AM

Dear Chris, thank you for your reply.

CKSoon

4/30/23, 3:10 AM

In the url link you had advised, it was mentioned [QUOTE] The default for number of authentication failures necessary to trigger a ban is overridden in the SSH portion of the default configuration file to allow for 6 failures before the ban takes place. This is entirely configurable by the administrator. [UNQUOTE] how can I set the number of failures = maxretry?

Chris Heath

4/30/23, 3:17 AM

if your `maxretry` in the SSH section is higher than in the DEFAULT section then you can either change the values to match or remove/comment-out the line in the SSH section and it will use the DEFAULT `maxretry` value

Chris Heath

5/15/23, 1:11 AM

any update? and could you mark my answer as accepted if it helped you? thanks

CKSoon

5/16/23, 10:59 AM

Hi Heath, thank you for your advice. It was good in aiding my work. Cheers!

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Implement fail2ban to prevent brute force attack on a web site (using standard user authentication); work when the number of tries = maxretry+1

TH: ใช้ fail2ban เพื่อป้องกันการโจมตีแบบเดรัจฉานในเว็บไซต์ (โดยใช้การรับรองความถูกต้องของผู้ใช้มาตรฐาน) ทำงานเมื่อจำนวนครั้งที่พยายาม = maxretry+1

RO: Implementați fail2ban pentru a preveni atacurile cu forță brută pe un site web (folosind autentificarea standard a utilizatorului); functioneaza cand numarul de incercari = maxretry+1

RU: Реализовать fail2ban для предотвращения атаки грубой силы на веб-сайт (используя стандартную аутентификацию пользователя); работать, когда количество попыток = maxretry+1

VI: Triển khai fail2ban để ngăn chặn tấn công vũ phu trên một trang web (sử dụng xác thực người dùng tiêu chuẩn); hoạt động khi số lần thử = maxretry+1

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.