Does SSHGuard protect against brute force WebGUI login attempts?
-
Just like the subject question...
I was unaware of SSHGuard until updating to 2.4.4_1 today and like the sounds of it. Does it also protect the WebGUI from repeated login attempts and/or can it be made to do that?
-
It was new in 2.4.4.
Yes it does monitor web logins also:
Dec 3 22:57:11 apu php-fpm[693]: /index.php: Session timed out for user 'admin' from: 172.21.16.5 (Local Database) Dec 3 22:57:37 apu php-fpm[693]: /index.php: webConfigurator authentication error for user 'admin' from: 172.21.16.5 Dec 3 22:57:37 apu sshguard[5706]: Attack from "172.21.16.5" on service 380 with danger 10.
There were some additional controls added in 2.4.4p1 for it in System > Advanced > Admin Access.
Steve
-
If you're that concerned about brute-force attacks then do the sensible thing and don't expose WebGUI/ssh to WAN. Put it all behind OpenVPN and access it through that.