  1. #1

    how does brute force happen?

    Hi guys.

    I checked my /var/log/secure files and I saw many accepted logins that were not mine.

    I am guessing my server was compromised.

    I had a 7 digit password.

    If the hacker uses brute force, then does he just manage to get my server login without knowing the password?

    Or does he know the password before he logs in?

    How does it work?

    I've used a 16 digit password now and there haven't been any hacks now.

    I've checked for rootkits and I'm clean.

    I think he must have guessed my old password.

    Guide me please.


  2. #2
    Join Date
    Feb 2004
    New Zealand
    He could have done it a number of ways.

    He could have brute forced your password, or the password of one of the users on your server... Brute force is when the little script kiddie gets this program out with a massive dictionary of all these user names and passwords, and then this program or his botnet (a large number of zombie computers, "bots") uses this dictionary to guess the password thousands of times (if not millions), and they do in some cases get the pass.


    They find a vulnerable script (web) on your server and they exploit it, or they find exploits for it. They then insert their kiddie code and gain access. They then use a rootkit to hide their tracks and provide a backdoor into the server.

    I would say he/she has cracked your password in some way.

  3. #3
    So once he logged on to my server, does he know the password or is the password just guessed by his scripts?

    Also, do all logins, via ssh and other methods, get recorded in /var/log/secure?

  4. #4
    Join Date
    Feb 2004
    New Zealand
    Well, you can attempt to see what he has typed.

    But I doubt you will find anything.

    Look in bash_history.

    Check it for rootkits, using rkhunter.

    Well, in order for him to get onto the server he must have found out your root password somehow?

    I cannot tell you if he has guessed the passwords, I don't have access to your system to see what he has done.

    Yes, check your logs. But a rootkit would have cleaned them up.

  5. #5
    My hosting company has recommended an OS reload.
    Is an OS really needed?

    I did an initial security check and ran rootkithunter and my server appears to be clean.

    Do all logins, via ssh and other methods, get recorded in /var/log/secure?

  6. #6
    Join Date
    Feb 2004
    New Zealand
    Well, yeah, I would suggest an OS reload.

    Also, if someone can crack your password and gain access then obviously your server is not secured very well. (PM me if you need any help)

    I am not too sure, most likely.

  7. #7
    Join Date
    Sep 2002
    Top Secret
    Define "accepted logins". Posting the message that you're seeing can help here.
    Brute force is usually going to happen when you have passwords that just don't make the grade (ie: ANYTHING dictionary related, personal (birthday,etc), and more). The best response is to use one of the following solutions:
    A> change ssh port
    B> disable root login
    C> require root logins to have an ssh key, rather than accepting a password for root.

  8. #8
    Join Date
    Jun 2001
    The 7 digit password thing...

    Any experienced admin will always tell you a minimum of 8 digits is needed for passwords consisting of numbers, letters and symbols.

    Passwords should never be words, birthdays and never can be guessed.

    It's very easy to tell if your server's been hacked just by looking at the logs. Logs might look weird... spacing between logs (deleted) etc...

    Check your bash history for your root account. Also check for spaces inside that file and anything odd executed.

    lastly...go install bfd...
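
An added example, not part of any post in this thread: a password-guessing attack that succeeds appears in /var/log/secure as a run of sshd "Failed password" lines from one address followed by an "Accepted" line from the same address. The sketch below flags that pattern; the sample log lines, the function name `suspicious_logins` and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the sshd format written to /var/log/secure
# (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40100 ssh2
Mar  3 02:11:03 host sshd[4103]: Failed password for root from 203.0.113.5 port 40102 ssh2
Mar  3 02:11:05 host sshd[4105]: Failed password for root from 203.0.113.5 port 40104 ssh2
Mar  3 02:11:07 host sshd[4107]: Failed password for root from 203.0.113.5 port 40106 ssh2
Mar  3 02:11:09 host sshd[4109]: Accepted password for root from 203.0.113.5 port 40108 ssh2
Mar  3 08:30:12 host sshd[5200]: Failed password for root from 198.51.100.7 port 51000 ssh2
Mar  3 08:30:20 host sshd[5202]: Accepted password for root from 198.51.100.7 port 51002 ssh2
Mar  3 09:00:00 host sshd[5300]: Accepted publickey for deploy from 198.51.100.9 port 52000 ssh2
"""

# Matches both "Failed password for root ..." and
# "Failed password for invalid user admin ..." as well as "Accepted <method> for ...".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def suspicious_logins(log_text, threshold=3):
    """Return accepted logins whose source IP had >= threshold earlier failures."""
    failures = Counter()
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # Accepted login from an address that was guessing just before.
            hits.append({"ip": ip, "user": m["user"], "method": m["method"],
                         "failures_before": failures[ip], "line": line})
    return hits

if __name__ == "__main__":
    for hit in suspicious_logins(SAMPLE_LOG):
        print(f"{hit['ip']} logged in as {hit['user']} via {hit['method']} "
              f"after {hit['failures_before']} failed attempts")
```

A single mistyped password followed by a good login (the 198.51.100.7 lines) stays below the threshold, and the check only sees what is still in the file, so it cannot rule out a compromise if the log was edited.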
