Johan
Resolved
0 votes
Hi!

My friend decided to test my home network.

It's not running too many services. One Wordpress blog, and one game server. All behind ClearOS 6.2

As of right now, he has tried 2.2 million passwords against my Web Panel for ClearOS. I thought the intrusion detection/prevention would handle this?
Is there any way for me to limit login attempts, or make sure only internal connections can connect to the web panel?

Secondly, he managed to sink my web server in 5 seconds, by flooding it with requests.
Is there something that can be done about DoS attacks in ClearOS, or is that all up to Apache?
Wednesday, February 20 2013, 02:15 PM
Responses (3)
  • Accepted Answer

    Kenna Anna
    Thursday, February 15 2024, 02:53 AM - #Permalink
    Resolved
    0 votes
    Johan wrote:

    Hi!

    My friend decided to test my home network.

    It's not running too many services. One Wordpress blog, and one game server. All behind ClearOS 6.2 rice purity test

    As of right now, he has tried 2.2 million passwords against my Web Panel for ClearOS. I thought the intrusion detection/prevention would handle this?
    Is there any way for me to limit login attempts, or make sure only internal connections can connect to the web panel?

    Secondly, he managed to sink my web server in 5 seconds, by flooding it with requests.
    Is there something that can be done about DoS attacks in ClearOS, or is that all up to Apache?

    Your friend's activities pose serious security risks to your home network. To enhance security, you can limit login attempts, restrict access to the web panel to internal connections only, and consider implementing measures against DoS attacks. These security measures can help protect your network from unauthorized access and potential disruptions.
  • Accepted Answer

    Wednesday, February 20 2013, 07:32 PM - #Permalink
    Resolved
    0 votes
    Also have a look at fail2ban which has been mentioned a few times on the forum.
  • Accepted Answer

    Wednesday, February 20 2013, 06:58 PM - #Permalink
    Resolved
    0 votes
    Hi Johan,

    I think we do a disservice to everyone by having the Intrusion Detection and Prevention apps available without a good rule set. The open source / GPL rules are old (2007?) and limited. There are just 500 rules in the open source / GPL rule set, but there are over 12,000 in the Intrusion Protection Updates app (yes, it's a paid app intended for businesses). In many ways, having the free version available is worse than nothing.

    or make sure only internal connections can connect to the web panel?

    Are you referring to the ClearOS web-based administration tool? By default, access is only allowed from the local network -- you have to add a firewall rule to allow access from the Internet. By the way, we recommend disabling remote access to the ClearOS web-based administration tool. Instead, use VPN (even the less secure PPTP VPN is fine in this scenario since web access is over HTTPS).
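The replies above point to fail2ban and to keeping the admin panel reachable from the local network only. As an added example (not part of the original thread and not ClearOS or fail2ban code), this sketch applies the same idea as fail2ban's `maxretry` and `findtime` settings to a log and marks whether each offending source is outside the LAN. The log format, the `/login` path, the 401 status for a failed login and the LAN range are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed LAN range; adjust to the local network behind the gateway.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines (Apache-style). The /login path and the 401 status
# for a failed login are assumptions, not the real ClearOS log format.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Feb/2013:14:00:01 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [20/Feb/2013:14:00:02 +0000] "POST /login HTTP/1.1" 401 512
192.168.1.20 - - [20/Feb/2013:14:00:02 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [20/Feb/2013:14:00:03 +0000] "POST /login HTTP/1.1" 401 512
192.168.1.20 - - [20/Feb/2013:14:00:09 +0000] "POST /login HTTP/1.1" 200 2048
198.51.100.9 - - [20/Feb/2013:14:00:10 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.9 - - [20/Feb/2013:14:06:10 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.9 - - [20/Feb/2013:14:12:10 +0000] "POST /login HTTP/1.1" 401 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /login [^"]*" (\d{3})\b')


def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Map each source with >= maxretry failed logins inside findtime to
    True if it lies outside LAN (the panel is reachable from the Internet)."""
    recent = defaultdict(deque)   # source address -> timestamps of recent failures
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "401":
            continue              # not a failed login attempt
        ip = m.group(1)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry:
            offenders[ip] = ipaddress.ip_address(ip) not in LAN
    return offenders


if __name__ == "__main__":
    for ip, external in find_offenders(SAMPLE_LOG).items():
        print(ip, "external" if external else "LAN", "-> candidate for a ban")
```

An external source in the result means the panel is answering logins from outside the local network, which is the exposure the last reply recommends closing with a VPN.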