Results 1 to 16 of 16
  1. #1

    Unhappy Brute Force Attack

    I'm experiencing serious brute force attack on my server since last Saturday. I do have CJHulk Brute protection on but am concern if they keep trying, they will eventually get thru. Will it help if I move my server to another host?

  2. #2
    Join Date
    Mar 2012
    Location
    Tampa, FL =)
    Posts
    1,954
    Moving to another host will not fix the problem. Just make sure your password is hard to guess and you will be fine =)

    Are you on a shared, reseller, vps, or dedicated server? What are your current protection settings? Are the IPs randomly changing?

  3. #3
    Join Date
    Jul 2009
    Location
    UK
    Posts
    1,312
    What are they attacking?

    Is it SSH?

    Block the IP on the firewall?

    Limit SSH / Telnet / Login connections to only your IP address?
    Live Chat Support Software for your Business website - IMsupporting.com

  4. #4
    Join Date
    Oct 2011
    Location
    In a server room
    Posts
    306
    It should ban the ip after so many tries. What are your settings set to..

  5. #5
    Join Date
    Jul 2004
    Location
    London, UK
    Posts
    177
    Don't use password logins will solve that problem.

    I like to move my SSH port - not because it makes it any "more secure" but it does stop the automated stuff from bothering me. Can't remember the last time fail2ban had to do it's thing.

  6. #6
    Join Date
    Jun 2011
    Posts
    552
    Edit your SSH port
    www.Hostzoom.net
    Pure SSD Powered cPanel web hosting with location in Amsterdam, Netherland.

  7. #7
    Join Date
    Mar 2012
    Posts
    166
    change your SSH port, make complicated password

  8. #8
    I have a VPS and have CJHulk Brute Force protection set to 5 max failures by IP & account. Their IP addresses are randomly changing. They are attacking my lmap port. Host has setup csf firewall? hopefully this will fix it.

    Quote Originally Posted by streaky View Post
    Don't use password logins will solve that problem.
    How do you not use a password login?

    Thank you for all your responses!

  9. #9
    Join Date
    Jun 2003
    Location
    United States of America
    Posts
    1,847
    Many vps servers have what is know as a console connection available. You can connect through this also as an alternative to ssh.

    Using a service like cloudflare also can help you hide your websites ip address. Just make sure to remove the subdomains like ftp, direct, and mail that would give out your true ip address.
    Computer Steroids - Full service website development solutions since 2001.
    (612)234-2768 - Locally owned and operated in the Minneapolis, Minnesota area.

  10. #10

    Wink

    Quote Originally Posted by lucky12 View Post
    I have a VPS and have CJHulk Brute Force protection set to 5 max failures by IP & account. Their IP addresses are randomly changing. They are attacking my lmap port. Host has setup csf firewall? hopefully this will fix it.



    How do you not use a password login?

    Thank you for all your responses!
    You can disable pass login and enable key based login, It means no one can access your SSH Root account without Key file..
    Dewlance® Shared/Reseller/Master Reseller - US/UK/EU/FRK/CA - SSD
    WHMCS ReadyMadeKB - Tutorials for cPanel/InterWorx/Softaculous& Growing..
    DemoTiger.com - Buy Demo Videos for your Hosting Company

  11. #11
    Join Date
    Feb 2006
    Location
    Kepler 62f
    Posts
    16,703
    Change port.
    Disable root logins.
    Blacklist IPs.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives
    ||

  12. #12
    Join Date
    Jun 2011
    Location
    Woodbridge, NJ
    Posts
    840
    Quote Originally Posted by DewlanceHosting View Post
    You can disable pass login and enable key based login, It means no one can access your SSH Root account without Key file..
    You should be disallowing root logins anyway.

    Some simple steps to help secure SSH:

    1. Change SSH port from the default (22)
    2. Disable root logins entirely; use sudo instead (PermitRootLogin no)
    3. Disallow all users except for your own (AllowUsers username)
    4. Disable password authentication (PasswordAuthentication no) and use public/private key pair authentication
    5. Use fail2ban or similar to automatically block IP addresses where attacks are coming from

  13. #13
    Join Date
    Jul 2009
    Posts
    451
    Quote Originally Posted by lucky12 View Post
    I'm experiencing serious brute force attack on my server since last Saturday. I do have CJHulk Brute protection on but am concern if they keep trying, they will eventually get thru. Will it help if I move my server to another host?
    Quote Originally Posted by lucky12 View Post
    I have a VPS and have CJHulk Brute Force protection set to 5 max failures by IP & account. Their IP addresses are randomly changing. They are attacking my lmap port. Host has setup csf firewall? hopefully this will fix it.



    How do you not use a password login?

    Thank you for all your responses!
    I believe he stated his imap address, not ssh....
    but fail2ban can help, but hard to get working properly if new to it.

    changing ssh ports will do nothing for imap, nor will disable root logins, nor will anything else we all listed here.

    permiting ONLY sasl authenticated would help.
    reject bad helo and other important issues to prevent false ip attacks.
    Last edited by programguy; 06-01-2012 at 06:36 PM.

  14. #14
    Join Date
    Feb 2012
    Location
    /etc
    Posts
    76
    If you have CSF and cPhulk it is more than enough. And a complicated password will be perfect enough for your concerns.
    CyberLS.com - Fully Managed Server Solutions with 24x7 Live Support
    Adobe Flash Media Server - Live TV and Video Streaming
    Fully Managed FFMPEG and Red5 VPS Hosting

  15. #15
    Hey if you still want to do the key pair login (sorry I don't know the tech name so I took a a guess at it) but hak5 did a video on how to do it in windows though putty. Also what I would recommend is disable root though SSH and make a new account on your vps and then super user your self to root.

    youtube:
    watch?v=CMyRTx9-L-4&feature=relmfu

  16. #16
    You could also go hard core and add port knocking to your server :

    portknocking.org

Similar Threads

  1. Brute Force Attack
    By turbowarp in forum Hosting Security and Technology
    Replies: 16
    Last Post: 03-19-2008, 03:12 AM
  2. Brute Force Attack on FTP
    By neonix in forum Hosting Security and Technology
    Replies: 1
    Last Post: 05-28-2005, 11:00 AM
  3. Brute force attack
    By parisdns in forum Dedicated Server
    Replies: 9
    Last Post: 12-20-2004, 03:42 PM
  4. Brute Force Attack
    By ahostinginc in forum Hosting Security and Technology
    Replies: 17
    Last Post: 11-13-2004, 09:49 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •