Few web hosting users are robotic enough to always type their usernames and passwords perfectly every time they try to log in, but repeated failed attempts to access an account could be evidence of a security problem. As a precaution, it is a good idea to have accounts locked after a number of failed login attempts.
On a Linux dedicated server, the “faillog” command will tell you how many failed login attempts a user has. Before you can use faillog, you need to tell PAM, the password manager for Linux, to count failed login attempts. To do this, edit the file /etc/pam.d/system-auth and enable the pam_tally.so module:
auth required pam_tally.so no_magic_root
account required pam_tally.so deny=3 no_magic_root lock_time=180
With “deny=3”, the user’s account will be locked after 3 failed login attempts. The “lock_time” setting tells PAM how long to deny another login after a single failed attempt. The “no_magic_root” setting keeps it from locking the root user.
To display all failed login attempts, type:
To display failed logins for a particular user, type:
faillog -u username
To unlock a username after their maximum number of login attempts, type:
faillog -r -u username
To manually lock an account, use the “passwd” command:
passwd -l username
To unlock the account:
passwd -u username
With these security measures in place, you can greatly reduce the likelihood of attackers trying to gain access to your server by using password guessing. It also means, however, that particularly forgetful users may contact you when they accidentally lock themselves out due to failed login attempts. Therefore, be prepared to assist them quickly.