I highly recommend fail2ban.
If you do implement it then I suggest you consider including the
recidive option.
Attached are two plots, one showing current fail2ban blacklisted ip's
(including recidive), and one showing the effect of introducing recidive
last year...
On 20/03/2020 8:18 a.m., Guilherme Carvalho wrote:
Yes, you´re right, i am looking for fail2ban right now, but the
captcha would be perfect, the first login user password and captcha,
than the TOTP.
Thanks Nick.
Em qui., 19 de mar. de 2020 às 15:29, Nick Couchman <[email protected]
<mailto:[email protected]>> escreveu:
On Thu, Mar 19, 2020 at 12:12 PM Guilherme Carvalho
<[email protected] <mailto:[email protected]>> wrote:
Hello guys, i have a doubt, is it possible to setup a Captcha
on the first login page??
I have no doubt this would be possible. There's no out-of-the-box
way to do it, today, but I would think an extension could be
written to allow it to function very similarly to TOTP or RADIUS
with MFA.
I´m using LDAP + TOTP, but the problems is, if somebody tried
to connect many times with an user on the guacamole, this
account got blocked on the AD, so many services will stop and
i couldn´t connect.
I think Mike has suggested previously elsewhere that fail2ban
might be a good option for preventing these sorts of attacks as it
will block access to the server from that IP. Obviously if
someone is intent on attacking they will do so from multiple IPs,
so it won't be perfect, but nothing is.
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
