Results 1 to 16 of 16
Thread: Brute Force Attack
-
06-01-2012, 12:36 PM #1Newbie
- Join Date
- May 2006
- Posts
- 26
Brute Force Attack
I'm experiencing serious brute force attack on my server since last Saturday. I do have CJHulk Brute protection on but am concern if they keep trying, they will eventually get thru. Will it help if I move my server to another host?
-
06-01-2012, 12:37 PM #2Temporarily Suspended
- Join Date
- Mar 2012
- Location
- Tampa, FL =)
- Posts
- 1,954
Moving to another host will not fix the problem. Just make sure your password is hard to guess and you will be fine =)
Are you on a shared, reseller, vps, or dedicated server? What are your current protection settings? Are the IPs randomly changing?
-
06-01-2012, 12:37 PM #3Lord of live chats
- Join Date
- Jul 2009
- Location
- UK
- Posts
- 1,312
What are they attacking?
Is it SSH?
Block the IP on the firewall?
Limit SSH / Telnet / Login connections to only your IP address?Live Chat Support Software for your Business website - IMsupporting.com
-
06-01-2012, 12:39 PM #4Disabled
- Join Date
- Oct 2011
- Location
- In a server room
- Posts
- 306
It should ban the ip after so many tries. What are your settings set to..
-
06-01-2012, 12:52 PM #5Junior Guru
- Join Date
- Jul 2004
- Location
- London, UK
- Posts
- 177
Don't use password logins will solve that problem.
I like to move my SSH port - not because it makes it any "more secure" but it does stop the automated stuff from bothering me. Can't remember the last time fail2ban had to do it's thing.
-
06-01-2012, 12:56 PM #6Web Hosting Master
- Join Date
- Jun 2011
- Posts
- 552
Edit your SSH port
www.Hostzoom.net
Pure SSD Powered cPanel web hosting with location in Amsterdam, Netherland.
-
06-01-2012, 02:37 PM #7WHT Addict
- Join Date
- Mar 2012
- Posts
- 166
change your SSH port, make complicated password
-
06-01-2012, 03:39 PM #8Newbie
- Join Date
- May 2006
- Posts
- 26
I have a VPS and have CJHulk Brute Force protection set to 5 max failures by IP & account. Their IP addresses are randomly changing. They are attacking my lmap port. Host has setup csf firewall? hopefully this will fix it.
How do you not use a password login?
Thank you for all your responses!
-
06-01-2012, 03:47 PM #9Web Hosting Master
- Join Date
- Jun 2003
- Location
- United States of America
- Posts
- 1,847
Many vps servers have what is know as a console connection available. You can connect through this also as an alternative to ssh.
Using a service like cloudflare also can help you hide your websites ip address. Just make sure to remove the subdomains like ftp, direct, and mail that would give out your true ip address.Computer Steroids - Full service website development solutions since 2001.
(612)234-2768 - Locally owned and operated in the Minneapolis, Minnesota area.
-
06-01-2012, 04:02 PM #10Dewlance® Shared/Reseller/Master Reseller - US/UK/EU/FRK/CA - SSD
WHMCS ReadyMadeKB - Tutorials for cPanel/InterWorx/Softaculous& Growing..
DemoTiger.com - Buy Demo Videos for your Hosting Company
-
06-01-2012, 05:57 PM #11Web Host Reviewer
- Join Date
- Feb 2006
- Location
- Kepler 62f
- Posts
- 16,703
Change port.
Disable root logins.
Blacklist IPs.|| Need a good host?
|| See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
||
-
06-01-2012, 06:08 PM #12(formerly WhichGunDotCom)
- Join Date
- Jun 2011
- Location
- Woodbridge, NJ
- Posts
- 840
You should be disallowing root logins anyway.
Some simple steps to help secure SSH:
- Change SSH port from the default (22)
- Disable root logins entirely; use sudo instead (PermitRootLogin no)
- Disallow all users except for your own (AllowUsers username)
- Disable password authentication (PasswordAuthentication no) and use public/private key pair authentication
- Use fail2ban or similar to automatically block IP addresses where attacks are coming from
-
06-01-2012, 06:33 PM #13Web Hosting Evangelist
- Join Date
- Jul 2009
- Posts
- 451
I believe he stated his imap address, not ssh....
but fail2ban can help, but hard to get working properly if new to it.
changing ssh ports will do nothing for imap, nor will disable root logins, nor will anything else we all listed here.
permiting ONLY sasl authenticated would help.
reject bad helo and other important issues to prevent false ip attacks.Last edited by programguy; 06-01-2012 at 06:36 PM.
-
06-02-2012, 01:32 AM #14Junior Guru Wannabe
- Join Date
- Feb 2012
- Location
- /etc
- Posts
- 76
If you have CSF and cPhulk it is more than enough. And a complicated password will be perfect enough for your concerns.
CyberLS.com - Fully Managed Server Solutions with 24x7 Live Support
Adobe Flash Media Server - Live TV and Video Streaming
Fully Managed FFMPEG and Red5 VPS Hosting
-
06-02-2012, 11:20 PM #15New Member
- Join Date
- Jun 2012
- Posts
- 2
Hey if you still want to do the key pair login (sorry I don't know the tech name so I took a a guess at it) but hak5 did a video on how to do it in windows though putty. Also what I would recommend is disable root though SSH and make a new account on your vps and then super user your self to root.
youtube:
watch?v=CMyRTx9-L-4&feature=relmfu
-
06-03-2012, 10:41 AM #16Newbie
- Join Date
- May 2012
- Posts
- 19
You could also go hard core and add port knocking to your server :
portknocking.org
Similar Threads
-
Brute Force Attack
By turbowarp in forum Hosting Security and TechnologyReplies: 16Last Post: 03-19-2008, 03:12 AM -
Brute Force Attack on FTP
By neonix in forum Hosting Security and TechnologyReplies: 1Last Post: 05-28-2005, 11:00 AM -
Brute force attack
By parisdns in forum Dedicated ServerReplies: 9Last Post: 12-20-2004, 03:42 PM -
Brute Force Attack
By ahostinginc in forum Hosting Security and TechnologyReplies: 17Last Post: 11-13-2004, 09:49 AM