Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Does SSHGuard protect against brute force WebGUI login attempts?

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 3 Posters 479 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mhab12
      last edited by

      Just like the subject question...

      I was unaware of SSHGuard until updating to 2.4.4_1 today and like the sounds of it. Does it also protect the WebGUI from repeated login attempts and/or can it be made to do that?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        It was new in 2.4.4.

        Yes it does monitor web logins also:

        Dec  3 22:57:11 apu php-fpm[693]: /index.php: Session timed out for user 'admin' from: 172.21.16.5 (Local Database)
Dec  3 22:57:37 apu php-fpm[693]: /index.php: webConfigurator authentication error for user 'admin' from: 172.21.16.5
Dec  3 22:57:37 apu sshguard[5706]: Attack from "172.21.16.5" on service 380 with danger 10.

        There were some additional controls added in 2.4.4p1 for it in System > Advanced > Admin Access.

        Steve

        1 Reply Last reply Reply Quote 1
        • KOMK
          KOM
          last edited by

          If you're that concerned about brute-force attacks then do the sensible thing and don't expose WebGUI/ssh to WAN. Put it all behind OpenVPN and access it through that.

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.