Author Topic: Is there any way to protect repeated login attempts  (Read 2499 times)

0 Members and 1 Guest are viewing this topic.

Offline bbertrand

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Is there any way to protect repeated login attempts
« on: January 09, 2015, 04:06:43 PM »
If a malicious user were to try repeatedly to login to HFS, trying one password after another - is there any way to "lock out" for a period of time, or any other suggestions on how to prevent someone trying password after password until eventually they get logged in.

Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 579
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Is there any way to protect repeated login attempts
« Reply #1 on: January 10, 2015, 08:45:49 AM »
I don't think a captcha could be of any help here, so, I think this must be implemented internally on HFS (if it was not implemented already). I don't see another option.
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12949
    • View Profile
Re: Is there any way to protect repeated login attempts
« Reply #2 on: January 11, 2015, 11:16:31 AM »

Offline bbertrand

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Is there any way to protect repeated login attempts
« Reply #3 on: January 11, 2015, 11:54:08 PM »
I tried this - the problem is that I'm using STUNNEL, so all connections into HFS are from 127.0.0.1.  Any other ideas?

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 861
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: Is there any way to protect repeated login attempts
« Reply #4 on: January 14, 2015, 08:27:10 PM »
http://www.peerblock.com/

stunnel keeps a log...

Unless you disabled it..
it should tell you what public ip attempted to connect to you...

Not a correct way, was looking for the stunnel conf line to log, but this should also help:
https://github.com/arusso/puppet-stunnel/issues/8
------example...
What to do when stunnel fails
Firstly, the most important things to try when you are having trouble running stunnel is to:
run with full debug mode "debug = 7" in stunnel config
if running the daemon, run it in the foreground foreground = yes
Doing this gives you the best chance of catching the errors in the log on the screen.
along with other ip conections...
----------------
http://www.stunnel.org/static/stunnel.html
*********
log = append | overwrite
log file handling

This option allows to choose whether the log file (specified with the output option) is appended or overwritten when opened or re-opened.

default: append

output = FILE
append log messages to a file

/dev/stdout device can be used to send log messages to the standard output (for example to log them with daemontools splogger).
********************

now that we have public ips that connected with tie stamp...
 since hfs had the bad password attempt time stamped...

I would recomend you to downlaod peer blocker
downlaod link:
http://www.peerblock.com/releases/public-releases/peerblock-1.2.0-r693

and add the ip address at that time to permantly block the ip in peer blocker.

*Stunnel log has the public ip that attempt access.

peer blocker is one of many solutions... although i do think hfs in the acount for with in the program should incormapte security rules such as (pasword history/length/complexsit and time out...)
« Last Edit: January 14, 2015, 08:52:36 PM by bmartino1 »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 861
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: Is there any way to protect repeated login attempts
« Reply #5 on: January 14, 2015, 08:41:58 PM »
although running programs seperately is nice for control, a member of this forum has went to great lengths on incorporation HFS and Stunnel.

There is an option with in the program in which you can have stunels log and hfs log in the same log windows...

http://www.rejetto.com/forum/hfs-~-http-file-server/for-testing-purpose-hfs-beta-279-including-ssl-tools/msg1059793/#msg1059793

as for your port 80 issue it might be a good look into a new members project:
http://www.rejetto.com/forum/router-port-problems/hfs-and-pagekite-public-hfs-wo-router-reconfiguration/msg1059815/?topicseen#msg1059815
« Last Edit: January 16, 2015, 12:27:17 AM by bmartino1 »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline bbertrand

  • Occasional poster
  • *
  • Posts: 13
    • View Profile
Re: Is there any way to protect repeated login attempts
« Reply #6 on: January 14, 2015, 08:58:22 PM »
The issue is this:  someone could try and try and try and finally break in; finding a break in AFTER THE FACT is unacceptable; I come from Mainframes - we don't let accidents happen and then clean up the mess - we don't let it happen in the first place.  You've never seen a mainframe break in.  Anyway, I'm new to STUNNEL and was wondering if there was a way for STUNNEL to pass the original IP address thru (can't see how architecturally) so that the original IP can be barred temporarily, but my first choice would be to like Windows, lock out a userid for a period of time after 3 invalid attempts at the password, and when locked out, the user attempting connection should not know whether it was an invalid password or if the userid is/was locked out.  I'm not in the habit of working for my computer (i.e. checking logs) - I believe strongly that if there IS suspicious activity, the computer should tell me.  As I use HFS to provide access to ALL of the files on my computer, I'm now concerned that I may have to find an alternative solution, due only to this problem.  Would there be a way to disable the target userid for a period of time anyone?  And I appreciate all responses.  And is the integrated HFS/Stunnel project - does that provide the source IP (still prefer a userid lockout though).

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 861
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: Is there any way to protect repeated login attempts
« Reply #7 on: January 16, 2015, 12:17:22 AM »
Agree that the machin should let you know, but i doubt that these things will be implement into hfs for quite some time...

ON your topic for security (since you work with mainframes...)well, don't know what to sugest for halp...

since you said your using windows or explaing an example with it..., if you want better security then HFS, use IIS...
see link to install iss7 on your machine...
http://www.iis.net/learn/install/installing-iis-7/installing-iis-on-windows-vista-and-windows-7

use php for file upload and downlod...
iss has auto logs and limt that can warn you...

install iss7 php
http://php.iis.net/
http://www.microsoft.com/web/gallery/install.aspx?appid=PHP53

attached is a working file upload via php....

(iss7 create a self signed cert, and it uses https...un less you pay for a global signed one...)
https://www.sslshopper.com/article-when-are-self-signed-certificates-acceptable.html

--------
It's All About Trust
A self-signed certificate is like a fake drivers license. Who would accept a fake drivers license? Most people wouldn't. But Internet communication is very different from real-life communication. You have little idea who is sending the information on the other end. The biggest problem with a self-signed certificate, is a man-in-the-middle attack.
----------

then use open ssh (http://www.openssh.com/windows.html) to conect via putty and create tunnels and use the tunnel for communications... win win.. that what i'm doing now...
« Last Edit: January 16, 2015, 12:23:51 AM by bmartino1 »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1