Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Protect websites from brute force password guessing
« previous
next »
Print
Pages: [
1
]
Author
Topic: Protect websites from brute force password guessing (Read 3596 times)
labsy
Jr. Member
Posts: 59
Karma: 1
Protect websites from brute force password guessing
«
on:
June 27, 2017, 10:10:13 pm »
Hi,
I use OPNSense as main firewall for my webhosting servers. NOT for browsing, as behind OPNSesne there's only a bunch of servers, hosting web sites, like Wordpress, Joomla, Magento and others.
Among 300+ websites there's a dozen of my own sites and I can see hundreds of Brute Force attacks and vulnerability scans from all over the world. I can fight and protect by installing some Wordpress or Joomla security plugins, but I would like to mitigate attacks before they reach website engine - I'd like to configure some protection on OPNSense firewall for incoming attacks.
I do have most of IPS rules active, but here's problem no.1:
If I put rule on ALERT, I need to know exact source IP to find the alert in IPS log. I cannot search for, say "1.2.3.*" or "brute force". Is there some other way to see IPS alerts?
Now problem no.2:
Is there some better plugin or protection method to fight against brute force, password guessing and other attacks at firewall level, without impacting performance too much?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Protect websites from brute force password guessing