security: brute force login

security: brute force login

Raphenya, Amogelang
Hi All,

How can I prevent brute force login attacks on the login page?



___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Re: security: brute force login

Dannon Baker-2
Hi Amogelang,

I'd recommend using a general purpose tool like fail2ban for this.  Here's a quick getting started guide that might help if you're using nginx: https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04

-Dannon

On Mon, Jan 4, 2016 at 2:13 PM, Raphenya, Amogelang <[hidden email]> wrote:
Hi All,

How can I prevent brute force login attacks on the login page?



Re: security: brute force login

Martin Čech
Amogelang:

Needless to say that you probably want to protect on your webserver side (nginx is expected in the example by Dannon) as opposed to the Galaxy application side.

If you are really serious about this you should probably ask in a different place than here e.g. at http://security.stackexchange.com/ and research other reputable sources as our experience with this would be limited.

Thanks for using Galaxy.

Martin

On Mon, Jan 4, 2016 at 2:16 PM Dannon Baker <[hidden email]> wrote:
Hi Amogelang,

I'd recommend using a general purpose tool like fail2ban for this.  Here's a quick getting started guide that might help if you're using nginx: https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04

-Dannon

Re: security: brute force login

Eric Rasche-2
If you're using Apache, mod_evasive is quite popular for this purpose.

On 01/04/2016 01:27 PM, Martin Čech wrote:
Amogelang:

Needless to say that you probably want to protect on your webserver side (nginx is expected in the example by Dannon) as opposed to the Galaxy application side.

If you are really serious about this you should probably ask in a different place than here e.g. at http://security.stackexchange.com/ and research other reputable sources as our experience with this would be limited.

Thanks for using Galaxy.

Martin

-- 
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
404-692-2048
[hidden email]
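
The web-server-side approach recommended in this thread comes down to counting login attempts per client address in the access log and banning an address once it passes a threshold inside a time window, which fail2ban exposes as `maxretry` and `findtime`. The following is an added example, not code from the thread, from Galaxy or from fail2ban, that runs that logic over constructed nginx log lines. The login path `/user/login`, the "combined" log format and the documentation-range IP addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: login form POSTs go to this path; use the path your proxy logs.
LOGIN_PATH = "/user/login"
# Same job as a fail2ban failregex: pick the client address out of a login POST
# in nginx's default "combined" access-log format. Every POST is counted,
# because a web login form may answer a failed attempt with status 200.
LOGIN_POST = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST '
    + re.escape(LOGIN_PATH) + r'[ ?]'
)

def find_bans(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Map each client with >= maxretry login POSTs inside findtime to its ban time."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    banned = {}
    for line in lines:
        m = LOGIN_POST.match(line)
        if not m or m["host"] in banned:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:   # forget attempts older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[m["host"]] = ts
    return banned

def make_line(ip, ts, method="POST"):
    """Build one constructed access-log line (sample data, not a real log)."""
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "{method} {LOGIN_PATH} HTTP/1.1" 200 512 "-" "-"'

T0 = datetime(2016, 1, 4, 14, 0, tzinfo=timezone.utc)

def sample_log():
    """Constructed traffic: one guessing client, one slow user, one page view."""
    fast = [make_line("203.0.113.7", T0 + timedelta(seconds=10 * i)) for i in range(6)]
    slow = [make_line("198.51.100.20", T0 + timedelta(minutes=12 * i)) for i in range(5)]
    return fast + slow + [make_line("192.0.2.5", T0, method="GET")]

if __name__ == "__main__":
    for ip, when in find_bans(sample_log()).items():
        print(f"ban {ip} at {when.isoformat()}")
```

If nginx sits behind another proxy, the first log field is that proxy's address, so the real client address has to be logged before counting per address makes sense.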
