Goal
Prevent brute force and other malicious login attempts when using Datameer's basic authentication system.
Learn
As of version 5.7, Datameer has implemented a CAPTCHA system used to thwart brute force authentication methods. Per default, a user name can try and authenticate three times before being asked for a CAPTCHA to be entered every subsequent attempt.
Beyond this security measure, Datameer users are responsible to secure HTTP requests on their system trying to access Datameer with basic authentication.
Solution/Workaround
Users may utilize intrusion prevention software (example: Fail2Ban) that read log files from Datameer.
These types of applications trail log files for authentication errors, look for regular expressions, and then work with firewalls to apply blacklists against IP addresses that match a pattern too often.
Here it would be necessary to monitor the useraction.log
for action type AUTHENTICATION
.
Comments
0 comments
Please sign in to leave a comment.