Blocking Brute-Force Attacks at a JupyterHub

Hello there,

Has anybody tried out a tool like fail2ban for blocking off brute-force attacks? I found the gist JupyterHub PAM Authentication Fail2ban Configuration · GitHub which from its expressions sounds promising. However, I haven’t tried it out myself. I would be more than happy with a behavior which is common in many OS: The first 3 attempts work without any delay and after that, people are blocked from logging in for longer and longer time periods. I guess an IP-based approach is the most feasible way to identify users.

Best wishes

2 Likes

I haven’t tried that fail2ban config, but it looks very promising! I do think blocking by IP is the right thing to do, since blocking by e.g. username would make DoS easy by spamming attempted logins for a target username. I also think you’d have to implement username-based blocks in the Authenticator, as fail2ban doesn’t know who’s trying to log in, just where the connection is coming from.

1 Like
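The policy discussed in this thread (three failed attempts without delay, then longer and longer blocks, keyed on source IP rather than username so that one user cannot be locked out by someone else's failed attempts), as an added example that is not part of the original posts and is not JupyterHub or fail2ban code. The class name, the 30-second base block, the one-hour cap and the 24-hour expiry are assumptions chosen for illustration; the IP address is a constructed documentation address.

```python
import time

class IPLoginThrottle:
    """Per-IP lockout (hypothetical helper): `free_attempts` failures cost nothing,
    then each further failure blocks the IP for a doubling period up to `max_block`."""

    def __init__(self, free_attempts=3, base_block=30.0, max_block=3600.0,
                 forget_after=86400.0, clock=time.monotonic):
        self.free_attempts = free_attempts
        self.base_block = base_block
        self.max_block = max_block
        self.forget_after = forget_after
        self.clock = clock
        self._state = {}  # ip -> (failure_count, last_failure_time, blocked_until)

    def seconds_blocked(self, ip):
        """Remaining block time for this IP; 0.0 means a login may be attempted."""
        _, _, until = self._state.get(ip, (0, 0.0, 0.0))
        return max(0.0, until - self.clock())

    def record_failure(self, ip):
        """Register one failed login and return the block (seconds) it triggers."""
        now = self.clock()
        count, last, until = self._state.get(ip, (0, now, 0.0))
        if now - last > self.forget_after:
            count = 0  # old failures expire instead of counting forever
        count += 1
        over = count - self.free_attempts
        block = 0.0 if over <= 0 else min(self.base_block * 2 ** (over - 1), self.max_block)
        self._state[ip] = (count, now, max(until, now + block))
        return block

    def record_success(self, ip):
        """A successful login clears the IP's failure history."""
        self._state.pop(ip, None)


def simulate(failures, **kwargs):
    """Replay consecutive failed logins from one constructed IP on a fake clock,
    waiting out each block, and return the block applied after every failure."""
    now = [0.0]
    throttle = IPLoginThrottle(clock=lambda: now[0], **kwargs)
    blocks = []
    for _ in range(failures):
        now[0] += throttle.seconds_blocked("192.0.2.10")
        blocks.append(throttle.record_failure("192.0.2.10"))
    return blocks
```

The caller is expected to check `seconds_blocked(ip)` before evaluating credentials and to reject the request outright while it is non-zero. Behind a reverse proxy the IP must be the client address forwarded by the proxy, otherwise every user shares one counter.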

Thank you for your input!