Topic: Dictionary Attacks

[nend]

I hate to burst your bubble but isn't fail2ban for login attempts at the server level like htpasswd? Also SMF's error handler is built into SMF and silents all PHP errors through SMF's own error handler.

[nend]

Skilled,

ZB Block works great, thanks for sharing. 

[Skhilled]

I've been meaning to test that more often but have been too busy. Thanks for reminding me.

[Underdog]

Imao the questions at logon work best.. don't even have to ban IP's from the bots for the most part.
Someone already used my exact idea and released it as a mod on Feb.20 at smf main.

Pffft.

Only thing they did wrong was not put an option to not have it log the failed attempts (simple false entry in the error array).. some people were trying to get away from the annoying log entries filling up. Perhaps they'll add that option after reading my post.

ref. http://custom.simplemachines.org/mods/index.php?mod=2956

[vzbob]

I've been meaning to test that more often but have been too busy. Thanks for reminding me.

I use zzblock on all my sites and its fantastic its easy to install and also keeps a good log file.
Its customizable as well and checks a lot of users on various spam lists. Ive been using it since June 2010 and it has blocked over 15,000 spammers and other attacks by script kiddies as well. It has a custom signature file where you can add information to block a single IP or a whole country. I would recommend it to you and anyone else running websites. I use in in conjunction with the Stop Forum Spam Mod and it has stopped 99% of spammers registering on my 5 websites. and you only need to install it once to cover all your websites.

 So check it out http://www.spambotsecurity.com/ zaphod is very helpful with any problem you may have and you can ask for assistance if needed with it.

[Skhilled]

Very true, zaphod and his staff do have good support.

[nend]

Yes it is, but some settings IMHO are too harsh. You know me already modified the source code to it. It is a great mod by default still.

I have created a threat level system for this software. Say for example a users browser is infected by spyware, they are blocked and referred to sites with cleaning programs. The original software will permanently ban them after three attempts to access a site. Talk about a little harsh because I know allot of people that accidently install allot of these spyware programs.

Right now I have two threat levels

Blocked / Referred to information to correct the problem.
Blocked / PermaBan after 3 attempts (zbblock default)

[Skhilled]

Good point. Other mods for smf are like that as well. But right now people are running scared because of the attacks and probably don't care who gets turned away. LOL

There are also false-positives that can happen as well. I do think your idea is better, though.

[DeathSign]

I hate to burst your bubble but isn't fail2ban for login attempts at the server level like htpasswd? Also SMF's error handler is built into SMF and silents all PHP errors through SMF's own error handler.

Yep, but I meant that you can write smf errors into a file then make a custom filter for fail2ban that parses this file.

[maxfire02]

Hi Nend!

I wanna know how to remove all PHP errors through SMF's error handler and what others errors it can remove?

Thanks!






http://dashquid.com
http://fatlossprofessional.co.uk
http://fatlossprofessional.co.uk/how-to-lose-weight-fast/
http://mobilehelper.co.uk
http://securetrip.co.uk
http://whichpetcover.com
http://youtube.com
http://wikipedia.org
http://twitter.com
http://amazon.com

[Skhilled]

You have to write php code and find the errors first to be able to fix them.