Cybersecurity

5626 readers

107 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Attackers are pummeling networks around the world with millions of login attempts (arstechnica.com)

submitted 6 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

12 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] HubertManne@kbin.social 13 points 6 months ago (2 children)

I thought it was common practice to not allow logins for some period after like half a dozen failures.

[–] Darkassassin07@lemmy.ca 14 points 6 months ago (2 children)

There's a few ways to do it; but if they block based on username it can lockout legitimate users too.

This is what fail2ban is for. Too many failed auths from an IP and that whole IP is blacklisted for a day or two. This can still catchout vpn users, but it's still less disruptive.

[–] HubertManne@kbin.social 8 points 6 months ago

Many blocked for an hour or even just 10 mins. at the time it was enough to get the attack scripts to change targets.

[–] SemiAuto@sh.itjust.works 3 points 6 months ago

I went a bit overboard I think with my fail2ban configuration. If you fail 2 times to login in any admin interfaces (ssh, web, etc), you get banned for around 4880 days.. I have too many banned IPs already.. :/

[–] discozombie@lemmy.world 2 points 6 months ago (1 children)

Indeed but in this particular case they're using a large number of IPs, over 3000 on the last list I saw.

[–] HubertManne@kbin.social 2 points 6 months ago

yeah and im thinking from an early 2000 perspective to where not being able to login for an hour was not necessarily a big deal. Whereas now so much of our life is online its not really as laid back a proposition.