Preventing brute-force attacks

Blocking and preventing brute force attacks is one of the main things you want to do on your web server to add a layer of security.

Hackers can try to get into your system using a few different methods.

1. Manual login attempts, they will try to type in a few usernames and passwords
2. Dictionary based attacks, automated scripts and programs will try guessing thousands of usernames and passwords from a dictionary file, sometimes a file for usernames and another file for passwords. This is one of many reasons it is very important to choose a strong password.
3. Generated logins, a cracking program will generate random usernames set by the user. They could generate numbers only, a combination of numbers and letters or other combinations.

You can easily spot a brute force attempt by checking your servers log files. You will see a series of failed login attempts for the service they are trying to break into.

less /var/log/secure or tail -f /var/log/secure

Check for failed login attemps such as:

  Apr 11 19:02:10 fox proftpd[6950]: yourserver (usersip[usersip]) - USER theusername (Login failed): Incorrect password.

There are a few main ways to prevent the majority of brute force attempts.

1. Restrict the amount of login attempts user(s) are able to perform.
2. Ban users' IP addresses after multiple failed login attempts.
3. Monitor your log files for suspicious login attempts (actively).

• APF & BFD
• LogWatch
• Report Attackers
• CSF/LFD
• cpHulk