Much access to login page

[Nebraska]

Hi guys!

I checked my /usr/local/psa/admin/logs/httpsd_access_log today and saw that for many months there is access to the login page each few seconds. Mostly by the same IPs. So I guess they are trying to brute force my password. In this log file I only see the GET data, so I don't know which passwords they try (passwords are transmitted via POST data). Is there an other log file where I can see all successful logins that I can check if anything serious happened?
And how do I prevent such IPs to brute force my password? For example it would be cool if I could ban all IPs automatically which tried five times with a wrong password to login.

Thx!

 

[IgorG]

What about Home>Settings>IP access restriction management?

 

[Nebraska]

Okay, so I'd have to add all those IPs which try to brute force me. Can this be done automatically?
And what about a log of all successful logins?

 

[Alexey.Plotnitsky]

Nebraska,

this can be done using 3rd party software, like fail2ban: http://www.fail2ban.org/wiki/index.php/Main_Page

 

[IgorG]

This thread can be useful - http://forum.parallels.com/showthread.php?t=261464

 

[Nebraska]

What about Home>Settings>IP access restriction management?

I tried that with a friend. So I set his IP on the black list but he still has normal access to the login page and still is able to try to login. So IP access restriction management doesn't work at all.
After his tries to login in I checked out /usr/local/psa/admin/logs/httpsd_access_log and saw exactly the IP I set on the black list. This really confuses me.