
Functional improvement: add brute-force protection to strengthen security #323

Open
@Lvmoo

Which anylink version are you using?

5ef8a1165c14:/app# ./anylink -v
AnyLink v0.12.1 build on go1.20.14 [linux, amd64] date:2024-04-25T11:51:21+08:00 commit_id(9d926edabbda635ec8f6d2808aa1c57149d74ecc)

Operating system type and version?

root@xxx:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04 LTS
Release:        24.04
Codename:       noble
root@xxx:~# 

Linux kernel version?

root@xxx:~# uname -a
Linux xxx 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

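I ran into brute-force login attempts. Although anylink's security is high, they still put pressure on the server and the database.
I suggest adding brute-force protection similar to ocserv's: when the number of failed logins within a unit of time reaches a set threshold, the user is blocked from logging in for a period of time afterwards.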

# Banning clients in ocserv works with a point system. IP addresses
# that get a score over that configured number are banned for
# min-reauth-time seconds. By default a wrong password attempt is 10 points,
# a KKDCP POST is 1 point, and a connection is 1 point. Note that
# due to different processes being involved the count of points
# will not be real-time precise. Local subnet IPs are exempt to allow
# services that check for process health.
#
# Set to zero to disable.
max-ban-score = 80

# The time (in seconds) that all score kept for a client is reset.
ban-reset-time = 1200

# In case you'd like to change the default points.
#ban-points-wrong-password = 10
#ban-points-connection = 1
#ban-points-kkdcp = 1

The relevant logs of the brute-force attempts are below:
image
image
image
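
The point-based ban scheme from the ocserv configuration quoted in the issue, written in Go as an added example (not anylink or ocserv code). `BanTable`, `Add` and the five-minute ban duration are hypothetical, and it assumes a client's score starts over once a ban has been served.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

const PointsWrongPassword, PointsConnection = 10, 1 // ocserv defaults quoted in the issue
type entry struct {
	score                  int
	firstSeen, bannedUntil time.Time
}

type BanTable struct { // hypothetical helper, not anylink or ocserv code
	MaxScore  int           // max-ban-score; 0 disables banning
	ResetTime time.Duration // ban-reset-time
	BanTime   time.Duration // min-reauth-time
	mu        sync.Mutex
	clients   map[string]*entry
}

// Add scores points against ip at time now and reports whether ip is banned.
func (b *BanTable) Add(ip string, points int, now time.Time) bool {
	b.mu.Lock()
	defer b.mu.Unlock()
	e := b.clients[ip]
	if e != nil && now.Before(e.bannedUntil) {
		return true // ban in force: reject without touching the score
	}
	if e == nil || !e.bannedUntil.IsZero() || now.Sub(e.firstSeen) >= b.ResetTime {
		e = &entry{firstSeen: now} // new client, ban served, or window elapsed
		if b.clients == nil {
			b.clients = map[string]*entry{}
		}
		b.clients[ip] = e
	}
	e.score += points
	if b.MaxScore > 0 && e.score > b.MaxScore { // banned once the score goes over the limit
		e.bannedUntil = now.Add(b.BanTime)
	}
	return now.Before(e.bannedUntil)
}

func main() {
	b := &BanTable{MaxScore: 80, ResetTime: 1200 * time.Second, BanTime: 5 * time.Minute}
	for i := 1; i <= 9; i++ { // constructed input: nine failed logins from one IP
		fmt.Println(i, b.Add("203.0.113.7", PointsWrongPassword, time.Now()))
	}
}
```

With the quoted defaults, eight wrong passwords leave the score at exactly 80 and the ninth triggers the ban. A server would also need to evict stale entries and exempt local subnet addresses, as the ocserv comment describes.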
