Jump to content
Mark Deibert

How many times can root login fail?

12 posts in this topic Last Reply

Recommended Posts

I have veeeery strong password on the root login in the webGui. But, how many times can a person try to login to the webUi and fail before it blocks them or locks somehow? Am I making sense? ūüėē

Share this post


Link to post

AFAIK, the login attempts can continue until the syslog fills up RAM and crashes the server.

 

The webGUI MUST be secured behind some secondary security, it must not be directly exposed to the internet or a network where devices aren't reasonably able to be trusted.

Share this post


Link to post
Posted (edited)
28 minutes ago, Mark Deibert said:

Damn that sucks. I wanted to access it remotely, but I guess not. Ok, I'll remove the router forward. Thank you @jonathanm

I currently have my GUI secured and accessible through OPenVPN and ZeroTier.  You definitely do not want to expose it to the Internet directly.

 

Apparently, the upcoming 6.8 release has a WireGuard implementation and may provide remote access to the GUI as well.

 

  • Forms-based webGUI authentication: now compatible with most password managers.
  • WD-Discovery support: for reliable Windows Network explorer listing of your server and eliminates need for SMBv1 on your network.
  • WireGuard support: for easy configuration of VPN tunnels (experimental).
  • Numerous bug fixes and package updates.
  • Introducing Unraid.net¬†a set of web-based services including:
    • Server status such as online/offline, storage used/available, etc.
    • Links for local and remote access to your server webGUI.
    • Backup and Restore of your USB Flash boot device.
Edited by Hoopster

Share this post


Link to post

Is it safe to forward a port to a container? I have a port forward to OMBI so family can request videos/TV, and 2 open ports to my standalone NVR. No other open ports.

Also is there a way to lock down the different protocols in Unraid, I only want microsoft networking turned on, not SNMP, Telnet, SSH, TFTP, ISCSI, FTP, NFS, ect..

In my Qnap I can disable each one independently. Just want to make my unraid as secure as possible, and only have local access to it, with the exception of plex and ombi.

Share this post


Link to post
7 minutes ago, almulder said:

Is it safe to forward a port to a container? I have a port forward to OMBI so family can request videos/TV, and 2 open ports to my standalone NVR. No other open ports.

Quite commonly done, and yes

 

7 minutes ago, almulder said:

Also is there a way to lock down the different protocols in Unraid, I only want microsoft networking turned on, not SNMP, Telnet, SSH, TFTP, ISCSI, FTP, NFS, ect..

The various icons in the Settings Tab will disable what unRaid has the options for.

Share this post


Link to post
2 hours ago, Squid said:

The various icons in the Settings Tab will disable what unRaid has the options for.

Missed that and that is what I needed. Thanks.

Share this post


Link to post

The 'Fix Common Problems'  plugin has a "Number of allowed invalid logins per day:" setting. 

Share this post


Link to post
9 minutes ago, Frank1940 said:

The 'Fix Common Problems'  plugin has a "Number of allowed invalid logins per day:" setting. 

I could be wrong, but I don't think that will actually restrict anything except whether FCP will report it as an issue.

Share this post


Link to post

You could be right.  This is what is says in the 'Help':

Quote

Number of allowed invalid logins per day - This is the number of "grace" invalid logins allowed per day either via the local console or through SSH / Telnet (ie: you typed your password wrong) This is used to determine if any hacking attempts are being made on your server

The first portion seems to indicate that it will block logins after the number is exceeded but the last sentence seems to indicate that it may only issue a warning.  Perhaps, @Squid might shed some light on this...

Share this post


Link to post
3 hours ago, jonathanm said:

FCP will report it as an issue.

This

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.