Page 1 of 1

[Feature Request] Block brute-force hacking attempts

Posted: 04 Dec 2014, 22:29
by FKuypers
Hi,

I just saw in my message log that someone it trying to break into my NZBGET machine. It would be great if we could have an option to prevent people from logging in after a certain number of failed login attempts:
Thu Dec 04 19:05:14 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:99admin11)
Thu Dec 04 19:05:15 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:SCOPIA100)
Thu Dec 04 19:05:17 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:TANDBERG)
Thu Dec 04 19:05:19 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:eLaStIx.2oo7)
Thu Dec 04 19:05:22 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:elastix456)
Thu Dec 04 19:05:23 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:epicrouter)
Thu Dec 04 19:05:23 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:passworm)
Thu Dec 04 19:05:24 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:scopia100)
Thu Dec 04 19:05:26 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:sesam)
Thu Dec 04 19:05:26 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:setup)
Thu Dec 04 19:05:27 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:system)
Thu Dec 04 19:05:27 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (antek:antek)
Thu Dec 04 19:05:28 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (asteriskuser:eLaStIx.asteriskuser.2oo7)
Thu Dec 04 19:05:29 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (comcast:1234)
Thu Dec 04 19:05:29 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (dlink:Taitell)
Thu Dec 04 19:05:30 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (draytek:1234)
Thu Dec 04 19:05:32 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (freePBX:fpbx)
Thu Dec 04 19:05:34 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (ipecs:2222)
Thu Dec 04 19:05:35 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (maint:admin)
Thu Dec 04 19:05:38 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (maint:passworm)
Thu Dec 04 19:05:38 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (manager:webpw)
Thu Dec 04 19:05:39 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (n/a:admin)
Thu Dec 04 19:05:44 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:)
Thu Dec 04 19:05:46 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:1111)
Thu Dec 04 19:05:49 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:1234)
Thu Dec 04 19:05:49 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:Cisco)
Thu Dec 04 19:05:51 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:admin)
Thu Dec 04 19:05:51 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:administrator)
Thu Dec 04 19:05:53 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:askozia)
Thu Dec 04 19:05:56 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:eLaStIx.2oo7)
Thu Dec 04 19:05:58 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:gohigh)
Thu Dec 04 19:06:00 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:mysecret)
Thu Dec 04 19:06:02 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:passs)
Thu Dec 04 19:06:05 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (sa:sa)
Thu Dec 04 19:06:14 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (teles:tcs-ag)
Thu Dec 04 19:06:15 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (termnal:root)
Thu Dec 04 19:06:16 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (test:test)
Thu Dec 04 19:06:16 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (voip:1234)
Thu Dec 04 19:06:17 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:secret)
Thu Dec 04 19:06:18 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:portal)
Thu Dec 04 19:06:25 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (rouser:default)
Thu Dec 04 19:06:27 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (nnguest:nnguest)
Thu Dec 04 19:06:29 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (monitor:monitor)
Thu Dec 04 19:06:30 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (superuser:superuser)
Thu Dec 04 19:06:31 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (user:welcome)
Thu Dec 04 19:06:36 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (:admin)
Thu Dec 04 19:06:36 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (:)
Thu Dec 04 19:06:37 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (administrator:administrator)
Thu Dec 04 19:06:38 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:slapshot)
Thu Dec 04 19:06:39 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:router)
Thu Dec 04 19:06:40 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (Polycom:456)
Thu Dec 04 19:06:41 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (POLYCOM:POLYCOM)
Thu Dec 04 19:06:48 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:mysecret)
Thu Dec 04 19:06:49 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:1234)
Thu Dec 04 19:06:51 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (:12345678)
Thu Dec 04 19:06:58 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:123)
Thu Dec 04 19:07:00 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:99admin11)
Thu Dec 04 19:07:00 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (tech:12345678)
Thu Dec 04 19:07:00 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (ADMIN1:0000)
Thu Dec 04 19:07:01 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (ADMIN2:9999)
Thu Dec 04 19:07:03 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:root)
Thu Dec 04 19:07:03 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (it5k:itpassw)
Thu Dec 04 19:07:04 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:samsung)
Thu Dec 04 19:07:05 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (user:user)
Thu Dec 04 19:07:06 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (Admin:Admin)
Thu Dec 04 19:07:10 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (antek:antek)
Thu Dec 04 19:07:13 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (super:super)
Thu Dec 04 19:07:17 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (user:1234)
Thu Dec 04 19:07:18 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (user:12345)
Thu Dec 04 19:07:19 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (user:123456)
Thu Dec 04 19:07:22 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:sesam)
Thu Dec 04 19:07:22 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (admin:banana)
Thu Dec 04 19:07:23 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (termnal:root)
Thu Dec 04 19:07:23 2014 WARNING Request received on port 81 from 62.210.205.155, but username or password invalid (root:gohigh)
Any chance this can be implemented...

Thanks,

Frank

Re: [Feature Request] Block brute-force hacking attempts

Posted: 05 Dec 2014, 02:18
by vergessen
wouldn't it make more sense to move it behind a firewall to handle that or put it fully in defense mode and use a ssh tunnel or vpn to get onto the local network?

Re: [Feature Request] Block brute-force hacking attempts

Posted: 06 Jan 2015, 23:44
by Uskdara
The AuthorizedIP section should feature a prominent warning to users about the possible security risks of running a public-facing web server.

Re: [Feature Request] Block brute-force hacking attempts

Posted: 05 Aug 2017, 17:38
by MrCorleone
I am in agreement with the idea of blocking brute-force attempts...

In the meantime, could someone help me with using FAIL2BAN and create a jail for NZBGet?

I understand how to create the jail, I am not sure how to setup the regex for the logs and log paths...