Portal Home > Knowledgebase > Articles Database > brute force security help
brute force security help
Posted by bambinou, 08-18-2009, 01:59 PM |
Hello,
I have a dedicated server running red hat, I have noticed in the WHM panel that there is a brute force software that only works for all the logins linked to the server cpanel/WHM.
In my future website in PHP I will have 5 different types of logins, do you know a free software my web developers could link to each logins in order to protect them against password crakers/brute force attacks? Something easy to install.
Many Thanks,
BamBam
|
Posted by smajer, 08-18-2009, 09:28 PM |
Hello,
CPHulk shoud be able to do it for various services:
http://www.thewebhostinghero.com/tutorials/cphulk.html
|
Posted by bambinou, 08-19-2009, 03:39 AM |
Thanx mate,
I am going to have a look at it now
Regards,
BamBam
|
Posted by abdicar, 08-30-2009, 10:05 PM |
CPHulk works perfecly for us.
|
Posted by bambinou, 08-31-2009, 03:27 AM |
Do you know anywhere a good tutorial in order to install CPhulk in a php website rather than in wmh or cpanel?
Many Thanks,
BamBam
|
Posted by JoJoKinkaid, 09-01-2009, 12:46 AM |
Brute force never worked for us for the application you describe.
|
Posted by bambinou, 09-01-2009, 05:25 AM |
ok I got a little trick from the server provider
Some guys from the server support told me to password protect the page I wanted to secure, not the full directory but only a single file by adding a .htpasswd file with md5 encrypted code and this code on the .htaccess:
order deny,allow
#deny from all
allow from 333.333.333.333
allow from 111.222.333.333
AuthName "Please Login"
AuthType Basic
AuthUserFile /home/mysite/public_html/.htpasswd
Require valid-user
By having this, I and my programmers(living in a different country) can access the site admin panel, now by password protecting the site this way,apparently a log will be created each time a user logs in, the brute force software then anaylise all the server logs every(whatever time it is set at), if it sees an ip trying to access this protected page many time,the brute force will then kick this ip out.
This is a great method to protect your admin site page apparently.
so now I have to login page, one password protected by the .htpasswd and then my own admin login page, if the guys can pass through both then he is a kind of god......
|
Add to Favourites Print this Article
Also Read