Sidebar
security:misc:preventing-brute-force-attacks
Table of Contents
Preventing brute-force attacks
Blocking and preventing brute force attacks is one of the main things you want to do on your web server to add a layer of security.
How brute force attacks work
Hackers can try to get into your system using a few different methods.
- Manual login attempts, they will try to type in a few usernames and passwords
- Dictionary based attacks, automated scripts and programs will try guessing thousands of usernames and passwords from a dictionary file, sometimes a file for usernames and another file for passwords. This is one of many reasons it is very important to choose a strong password.
- Generated logins, a cracking program will generate random usernames set by the user. They could generate numbers only, a combination of numbers and letters or other combinations.
Signs of brute force attacks
You can easily spot a brute force attempt by checking your servers log files. You will see a series of failed login attempts for the service they are trying to break into.
less /var/log/secure or tail -f /var/log/secure
Check for failed login attemps such as:
Apr 11 19:02:10 fox proftpd[6950]: yourserver (usersip[usersip]) - USER theusername (Login failed): Incorrect password.
Preventing brute force attacks
There are a few main ways to prevent the majority of brute force attempts.
- Restrict the amount of login attempts user(s) are able to perform.
- Ban users' IP addresses after multiple failed login attempts.
- Monitor your log files for suspicious login attempts (actively).
Helpful Tools
- Never enable demo or guest accounts as they will be the first way an attacker will get access into your system and further exploit it.
- Never have more than one user in the root group.
- APF & BFD
- LogWatch
- Report Attackers
- CSF/LFD
- cpHulk
security/misc/preventing-brute-force-attacks.txt · Last modified: 2016/10/23 19:54 by Marjorie S.
