* pjc...@fastmail.fm <pjc...@fastmail.fm> [11-28-16 09:55]:
> I have fail2ban working on my server (primarily for WordPress) and it
> works well. There is one issue, however, that I'd like to ask about.
>
> When a legitimate WordPress user makes a mistake on their password logging
> in, there is a delay of at least about two seconds before they submit
> their corrected password. In fact they could be given a notification
> screen telling them to be sure to wait at least three seconds before
> submitting their corrected password.
>
> Even with fail2ban fully in effect there are spammers who go so far as
> to figure out the fail2ban setting and will keep hitting the site with
> brute-force logins (from changing IPs) but stop just before the
> threshold (whether it be 6 failures in 10 minutes or whatever). Looking
> at the logs, these attempts are often obvious because the time difference
> between the GET and the POST is often zero or 1 (or a short time
> difference between sequential fails).
>
> In fact these are not much of a problem because there can't be very
> many of them. But does anyone know of a tool that would ban simply
> based on the time between failures? In other words, such a tool would
> ban a failing login if the second attempt happened less than three
> seconds (or two seconds) after the first. Then legitimate users could
> simply be informed not to re-enter their password too quickly after an
> initial fail.
Look at recidive, I believe it will provide what you wish.

-- 
(paka)Patrick Shanahan       Plainfield, Indiana, USA       @ptilopteri
http://en.opensuse.org       openSUSE Community Member      facebook/ptilopteri
Photos: http://wahoo.no-ip.org/gallery2   Registered Linux User #207535
Photos: http://wahoo.no-ip.org/piwigo     @ http://linuxcounter.net

_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
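The timing heuristic the original poster describes (a login POST arriving less than a few seconds after the same IP's previous wp-login.php GET or POST) is easy to check outside fail2ban's regex filters, which match one log line at a time. The script below is an added example, not code from the thread or from the fail2ban project: it parses constructed Apache-style access-log lines (made up for this example), groups wp-login.php requests per IP, and reports attempts that came faster than a threshold. The names `parse`, `find_rapid_attempts` and `ips_to_ban` are my own, and it assumes the usual WordPress behaviour that a failed login re-renders the form with HTTP 200 while a successful one answers with a 302 redirect, so 302 POSTs are not counted as attempts.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (Apache combined format, trimmed to the fields needed).
# These lines are invented for the example; they are not from the original post.
# 203.0.113.7 hammers the login form with 0-1 second gaps; 198.51.100.20 is a
# human who mistypes once, waits, and then logs in (302).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Nov/2016:09:40:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
203.0.113.7 - - [28/Nov/2016:09:40:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1234
203.0.113.7 - - [28/Nov/2016:09:40:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1234
203.0.113.7 - - [28/Nov/2016:09:40:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1234
198.51.100.20 - - [28/Nov/2016:09:41:10 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
198.51.100.20 - - [28/Nov/2016:09:41:25 +0000] "POST /wp-login.php HTTP/1.1" 200 1234
198.51.100.20 - - [28/Nov/2016:09:41:34 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# Only wp-login.php requests are of interest; every other line is skipped.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>GET|POST) /wp-login\.php[^"]*" (?P<status>\d{3})'
)


def parse(lines):
    """Return (ip, timestamp, method, status) tuples for wp-login.php requests."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        events.append((m['ip'], ts, m['method'], int(m['status'])))
    return events


def find_rapid_attempts(events, min_seconds=3.0):
    """Map IP -> list of gaps (seconds) for login POSTs that arrived less than
    min_seconds after that IP's previous wp-login.php request (GET or POST).

    Assumption: WordPress answers a failed login with 200 (the form again) and a
    successful login with a 302 redirect, so 302 POSTs are not counted as attempts.
    """
    by_ip = defaultdict(list)
    for ip, ts, method, status in events:
        by_ip[ip].append((ts, method, status))

    rapid = {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda r: r[0])  # log order is usually chronological, but be safe
        prev_ts = None
        for ts, method, status in rows:
            if method == 'POST' and status != 302 and prev_ts is not None:
                gap = (ts - prev_ts).total_seconds()
                if gap < min_seconds:
                    rapid.setdefault(ip, []).append(gap)
            prev_ts = ts
    return rapid


def ips_to_ban(lines, min_seconds=3.0):
    """IPs with at least one too-fast attempt, e.g. to feed to
    `fail2ban-client set <jail> banip <ip>` from a cron job."""
    return sorted(find_rapid_attempts(parse(lines), min_seconds))


if __name__ == '__main__':
    for ip, gaps in find_rapid_attempts(parse(SAMPLE_LOG.splitlines())).items():
        print(f'{ip}: {len(gaps)} attempt(s) faster than 3s, gaps={gaps}')
```

Two caveats a practitioner would want: the access log cannot see whether a password was wrong, so the 200-versus-302 distinction is a heuristic and a site that customises the login flow needs a different success signal; and because the threshold is per IP, an attacker rotating addresses between attempts (as the poster notes they do) is never caught by this rule, which is what makes fail2ban's cross-ban recidive approach and per-account lockouts the complementary controls. If the goal is only "two failures within N seconds", a dedicated fail2ban jail on the WordPress login filter with `maxretry = 2` and a `findtime` of a few seconds expresses the same idea without a separate script.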