
Brute Force Detection and/or disabling Admin direct login

Posted: Thu Mar 17, 2011 2:10 am
by Tanner Williamson
Two security questions / ideas I wanted to bring up for discussion.

Is it possible to disable admin login completely, or at least lock down the IP addresses to private network IP only as permitted for admin login?

I would also like to protect Subsonic against brute force attacks. I suppose that if failed logins were logged to a file, we could implement integration with RFXN's Brute Force Detect + Advanced Policy Firewall, or even ConfigServer Firewall. Both APF and CSF are powerful front ends for iptables functionality, generally built into modern Linux kernels.

RFXN's Brute Force Detect / BFD
RFXN's Advanced Policy Firewall / APF

ConfigServer's ConfigServer Firewall / CSF
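The two ideas in the post above, sketched as an added example that is not code from Subsonic, BFD, APF or CSF: scan a failed-login log for addresses that exceed a failure threshold inside a time window, and flag any admin login attempt that does not come from a private address. The log format, event names, thresholds and function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an assumed log format (not a file Subsonic writes).
SAMPLE_LOG = """\
2011-03-17 02:00:00 LOGIN_FAILED user=bob ip=198.51.100.20
2011-03-17 02:01:00 LOGIN_FAILED user=bob ip=198.51.100.20
2011-03-17 02:05:10 LOGIN_OK user=admin ip=192.168.1.10
2011-03-17 02:10:01 LOGIN_FAILED user=admin ip=203.0.113.7
2011-03-17 02:10:03 LOGIN_FAILED user=admin ip=203.0.113.7
2011-03-17 02:10:05 LOGIN_FAILED user=admin ip=203.0.113.7
2011-03-17 02:11:00 LOGIN_FAILED user=bob ip=198.51.100.20
2011-03-17 02:20:00 LOGIN_OK user=admin ip=198.51.100.20
"""
LINE_RE = re.compile(r"^(\S+ \S+) (LOGIN_FAILED|LOGIN_OK) user=(\S+) ip=(\S+)$")
# RFC 1918 ranges plus loopback. ip.is_private is avoided because it also
# covers documentation and other reserved ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def analyze(log_text, max_failures=3, window=timedelta(minutes=5)):
    """Return (ips_to_block, ips_with_non_local_admin_logins).
    Assumes the log lines are in chronological order."""
    failures = defaultdict(deque)   # ip -> failure times still inside window
    to_block, remote_admin = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # ignore lines in any other format
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            ip = ipaddress.ip_address(m.group(4))
        except ValueError:
            continue                # malformed timestamp or address
        event, user, key = m.group(2), m.group(3), str(ip)
        # Admin login attempts (failed or successful) from outside the LAN.
        if user == "admin" and not any(ip in net for net in LOCAL_NETS):
            if key not in remote_admin:
                remote_admin.append(key)
        # Sliding-window count of failed logins per source address.
        if event == "LOGIN_FAILED":
            q = failures[key]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()         # drop failures older than the window
            if len(q) >= max_failures and key not in to_block:
                to_block.append(key)
    return to_block, remote_admin
```

The first returned list is what would be handed to the firewall front end's deny list; the second is the set of sources an admin-only-from-LAN rule would have rejected.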

Posted: Thu Mar 17, 2011 6:30 am
by GJ51
That's not possible at this time as far as I know. I just use a complex password, such as xg3uRdOv1L3k, and trust that nobody's really interested enough in wasting the time it would take to crack it just to hear some music.

Even when I had links to my sites posted as part of my signature here on the forums, I never had any problems with unauthorized intrusions.