Separate brutecount into brutecount and brute_dos_count (SKINS)(LANG)

Version 1.53

Feature
Finished

The DirectAdmin Brute Force Login detection on port 2222 at:

Admin Settings -> Blacklist IPs for excessive DA login attempts: [x] after [100] attempts

previously tracked all connections to DA that were not authenticated. This was confusing, as it wasn't an actual login attempt, but things like loading the login page counted against this max before ban.

To simplify things, this value is now literally only for actual failed login attempts (eg: wrong user/pass). The new default for new installs will be:

brutecount=20

down from 100.

To address flooding DA, we've added another setting:

brute_dos_count=100

which tracks all unauthorized connections. If you load the login page that many times, then you'll be banned.

The time window which must pass with no activity before the count (either failed logins or unauthorized connections) is reset still uses, for both counters:

brute_force_time_limit=1200

which is the internal default, and can be changed.

There are some cases where browsers decide to keep making requests, for things like robots.txt, for no particular reason (reported with Firefox). So if you leave your window open/idle, or even sitting on the login page, long enough, these requests will get your IP banned, even if the rate is slow. This change will allow you to set a lower failed login attempts limit, and a higher idle requests limit, so you can have the best of both.

The brute_dos_count is still going to be the defence against dos/flood attacks, so if they are flooding you, hitting 100 would happen fairly quickly anyway, so setting this value high is fine.

===========================
CHANGES ON DISK

The previous tracking used to be done in the file:

/usr/local/directadmin/data/admin/login.hist

storing all IPs. This wasn't the best design, as it would be blocking or hitting race conditions for the counts.

This new change will use the folder:

/usr/local/directadmin/data/admin/ip_access

for each IP, eg:

/usr/local/directadmin/data/admin/ip_access/1.2.3.4/unauthorized_connections
/usr/local/directadmin/data/admin/ip_access/1.2.3.4/failed_logins

where the above 2 files will store 1 byte per attempt, so the size of those files would be the number of attempts. This makes tracking much quicker, and non-racing, in that it just appends a "1" to the end of the relevant file for the given case.

Once login is successful, the failed_logins is counted, and added to the User's logins.list, as before, and the 1.2.3.4 directory is removed.

The dataskq will also still check the logins as before, but instead of admin/login.hist, it checks admin/ip_access, and clears any folders that are either empty, or whose 2 files' mtimes are both older than the limit:

now - mtime > brute_force_time_limit

If a file doesn't exist, the mtime will return 0 anyway, so the check would be true, and the folder removed (both files must be true for removal of the folder).

===============================
SKINS

Admin Settings: admin/admin_settings

Add an input for brute_dos_count below brutecount.
Token is BRUTE_DOS_COUNT

==============================
LANG

lang/en/admin/admin_settings.html

LANG_UNAUTH_CONN=unauthorized connections.
LANG_BRUTE_OR=or
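The two counters, the on-disk layout and the dataskq sweep described above, modelled as an added example (this is not DirectAdmin's own code). It assumes the ip_access root is configurable (a temporary directory stands in for /usr/local/directadmin/data/admin/ip_access), that the settings brutecount, brute_dos_count and brute_force_time_limit carry the meanings given in this entry, and that the IP addresses and request sequence in demo() are constructed:

```python
import os
import tempfile
import time

# Constructed example, not DirectAdmin's own code: models the per-IP counters
# this changelog describes (temp dir stands in for the real ip_access root).
FAILED_LOGINS = "failed_logins"
UNAUTH_CONN = "unauthorized_connections"


class IpAccessTracker:
    def __init__(self, root, brutecount=20, brute_dos_count=100,
                 brute_force_time_limit=1200):
        self.root = root
        self.brutecount = brutecount            # real failed logins before ban
        self.brute_dos_count = brute_dos_count  # any unauthenticated hits before ban
        self.time_limit = brute_force_time_limit  # idle seconds before reset

    def _path(self, ip, name):
        return os.path.join(self.root, ip, name)

    def _record(self, ip, name):
        # One byte per attempt via O_APPEND: no read-modify-write, so
        # concurrent requests cannot lose each other's increments.
        os.makedirs(os.path.join(self.root, ip), exist_ok=True)
        fd = os.open(self._path(ip, name),
                     os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        try:
            os.write(fd, b"1")
        finally:
            os.close(fd)

    def _count(self, ip, name):
        # File size is the attempt count; a missing file counts as zero.
        try:
            return os.path.getsize(self._path(ip, name))
        except FileNotFoundError:
            return 0

    def _mtime(self, ip, name):
        # A missing file reports mtime 0, so it is always older than the limit.
        try:
            return os.path.getmtime(self._path(ip, name))
        except FileNotFoundError:
            return 0

    def unauthorized_connection(self, ip):
        """Any unauthenticated request (e.g. loading the login page). True = ban."""
        self._record(ip, UNAUTH_CONN)
        return self._count(ip, UNAUTH_CONN) >= self.brute_dos_count

    def failed_login(self, ip):
        """A real wrong user/password attempt. True = ban."""
        self._record(ip, FAILED_LOGINS)
        return self._count(ip, FAILED_LOGINS) >= self.brutecount

    def _remove_dir(self, ip):
        ip_dir = os.path.join(self.root, ip)
        for name in os.listdir(ip_dir):
            os.remove(os.path.join(ip_dir, name))
        os.rmdir(ip_dir)

    def successful_login(self, ip):
        """Return the failed count (to be added to logins.list) and drop the IP dir."""
        failed = self._count(ip, FAILED_LOGINS)
        if os.path.isdir(os.path.join(self.root, ip)):
            self._remove_dir(ip)
        return failed

    def cleanup(self, now=None):
        """dataskq-style sweep: drop dirs that are empty or idle past the limit."""
        now = time.time() if now is None else now
        removed = []
        for ip in sorted(os.listdir(self.root)):
            ip_dir = os.path.join(self.root, ip)
            if not os.path.isdir(ip_dir):
                continue
            # both files must be stale (missing file -> mtime 0 -> stale)
            expired = all(now - self._mtime(ip, n) > self.time_limit
                          for n in (FAILED_LOGINS, UNAUTH_CONN))
            if not os.listdir(ip_dir) or expired:
                self._remove_dir(ip)
                removed.append(ip)
        return removed


def demo():
    """Constructed scenario with low thresholds: idle polling vs. password guessing."""
    t = IpAccessTracker(tempfile.mkdtemp(), brutecount=3, brute_dos_count=6)
    # five idle requests (robots.txt style) stay under brute_dos_count: no ban
    idle_banned = any(t.unauthorized_connection("10.0.0.5") for _ in range(5))
    # three wrong passwords from another IP reach brutecount on the third
    guess_results = [t.failed_login("10.0.0.9") for _ in range(3)]
    # a later successful login reports the count and clears that IP's dir
    failed_total = t.successful_login("10.0.0.9")
    # the sweep 30 minutes later removes the idle client's stale dir
    swept = t.cleanup(now=time.time() + 1800)
    return {"idle_banned": idle_banned, "guess_results": guess_results,
            "failed_total": failed_total, "swept": swept,
            "remaining": os.listdir(t.root)}
```

The point of the per-file layout is that the increment is a single appending write: the kernel serialises O_APPEND writes, so two simultaneous requests from one IP can never overwrite each other's count the way a shared login.hist could, and reading the count is just a stat() of the file size. The sweep treats a missing file as mtime 0, which is why an IP that only ever loaded the login page (no failed_logins file) still gets its directory removed once unauthorized_connections goes idle for longer than brute_force_time_limit.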
