Server Management > Security > Login Manager
The Login Manager allows you to configure the pam_abl protection against brute-force password guessing attempts. You can configure after how many failed logins the account or the attacking hosts will be prevented from logging in at all, even if a malicious user or script finally uses a valid username and password.
If you ever block yourself, you will always be able to log in to the GUI as admin to reset the block.
Config File: Location of the pam_abl config file.
User Purge: Defines how long failed logins for users are retained in the user database. Failed logins are still stored in the database even after the temporary blocking has expired.
Host Purge: Defines how long failed logins for hosts are retained in the user database. Failed logins are still stored in the database even after the temporary blocking has expired.
User Rule: Number of failed logins per hour until the user account will be blacklisted, preventing anyone from logging in to that account even with a valid password. PLEASE NOTE: You should leave this disabled, because otherwise someone could run a Denial of Service attack against you that (temporarily) blocks even legitimate users from using their accounts.
Host Rule: Number of failed logins per hour until the originating host will be blacklisted. Even logins with a correct username and password from the offending IP will then be blocked.
Exception: User "admin" can still log in to the GUI from that IP, if they know the correct password.
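The following is an added example, not code from pam_abl or from this product. It is a simplified model of the User Rule, Host Rule and purge settings described above, showing why an enabled User Rule locks out the legitimate account owner while a Host Rule only stops the offending address. The limits, account name, IP addresses and timestamps are constructed, and the model assumes that reaching the configured number of failures within the hour triggers the block.

```python
# Added illustration: a simplified model of "N failed logins per hour" rules.
# Not pam_abl's code; limits, names and events below are constructed.
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)

def is_blocked(failures, limit, now):
    """failures: timestamps of failed logins for one user or one host.
    limit=None models a disabled rule. Assumption: reaching the limit blocks."""
    if limit is None:
        return False
    return sum(1 for t in failures if timedelta(0) <= now - t <= HOUR) >= limit

def purge(failures, retention, now):
    """Drop records older than the purge interval (User Purge / Host Purge)."""
    return [t for t in failures if now - t <= retention]

def login_allowed(user, host, user_db, host_db, user_limit, host_limit, now):
    """A valid password is assumed; only the blacklist decides the outcome."""
    return not (is_blocked(user_db.get(user, []), user_limit, now)
                or is_blocked(host_db.get(host, []), host_limit, now))

def scenario():
    start = datetime(2024, 1, 1, 12, 0)
    # Constructed: 12 failed guesses for "alice" from one host within 24 minutes.
    attempts = [start + timedelta(minutes=2 * i) for i in range(12)]
    user_db = {"alice": list(attempts)}
    host_db = {"203.0.113.7": list(attempts)}
    now = start + timedelta(minutes=30)
    args = (user_db, host_db)
    return {
        # Host Rule 10/hour, User Rule disabled: only the offending host is refused.
        "attacker_host_rule": login_allowed("alice", "203.0.113.7", *args, None, 10, now),
        "alice_host_rule": login_allowed("alice", "198.51.100.20", *args, None, 10, now),
        # User Rule 10/hour: the real Alice is locked out even from a clean host.
        "alice_user_rule": login_allowed("alice", "198.51.100.20", *args, 10, 10, now),
        # Two hours later the block has lapsed, but records remain until purged.
        "attacker_after_2h": login_allowed("alice", "203.0.113.7", *args, None, 10, now + 2 * HOUR),
        "records_after_2h": len(purge(host_db["203.0.113.7"], timedelta(days=1), now + 2 * HOUR)),
        "records_after_2d": len(purge(host_db["203.0.113.7"], timedelta(days=1), now + timedelta(days=2))),
    }

if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```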