On 22/02/2011 19:57, marketing wrote:
> I notice a high density of warming messages in a TC log file this morning.
> The message is "an attempt was made to authenticate the locked user
> 'admin'". I guess that a script was used to hack into the admin account.
> How the attack occurs? And how to have a good protection?

The ASF uses fail2ban for this sort of thing. To many login failures in
the logs and fail2ban configures the firewall to drop all packets from
the source IP address. You can configure fail2ban to respond pretty much
however you want.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to