How to protect server from Brute Force Attacks



What is a brute force attack on a server?

An attacker runs an automated application or script that tries to find an account's password from a list of passwords (a dictionary file). Brute force (also known as brute force cracking) is a trial-and-error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys through exhaustive effort (using brute force) rather than by employing intellectual strategies.

Knowing this helps determine what to avoid, namely weak passwords, and so helps safeguard systems. A weak password has fewer than 8 characters (in lower case), a few consecutive numbers, or some commonly used or identifiable words. Conversely, a strong password is one that is not commonly used or identifiable elsewhere. It mixes different numbers, special characters, and upper- and lower-case letters at random.

If you're using cPanel/WHM, the "cPHulk Brute Force Protection" system found in "Security Center" is useful. It provides several easy-to-configure rules based on IPs, timing, and failed login attempts. To guard against the most common brute force/DDoS/DoS attacks, DirectAdmin users should check "Administration Settings" at the Admin Access level, and then go to the Security section for a similar configuration.



You can prevent more than 2 connections every minute to the SSH port (22) and block the host's IP address for 5 minutes by applying the following rules:

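# Record every new connection to port 22 in the "SSH" list (no verdict yet)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
# Log and drop the 3rd hit within 300 seconds; ACCEPT comes last, otherwise these rules are never reached
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force"
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT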
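
The rate limit these rules are meant to enforce, modelled in Python as an added example (not part of the original article): each new connection to port 22 is recorded per source address and dropped when it is the third or later hit within 300 seconds. The class and function names are hypothetical, the addresses are constructed samples, and --rttl and the module's internal list limits are left out.

```python
# Added example: simplified model of the iptables "recent" match used above.
# Assumption: --rttl and the kernel module's per-entry stamp limit are ignored.
from collections import defaultdict

SECONDS = 300   # --seconds 300
HITCOUNT = 3    # --hitcount 3


class RecentList:
    """Per-source timestamps, like the list created by --name SSH."""

    def __init__(self, seconds=SECONDS, hitcount=HITCOUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(list)

    def new_connection(self, src, now):
        """Verdict for a NEW connection to port 22 from src at time now (seconds)."""
        stamps = self.stamps[src]
        stamps.append(now)                        # --set records the attempt
        recent = [t for t in stamps if now - t <= self.seconds]
        verdict = "ACCEPT"
        if len(recent) >= self.hitcount:          # --update ... --hitcount 3 matches
            recent.append(now)                    # a matching --update refreshes the entry
            verdict = "DROP"
        self.stamps[src] = recent                 # forget stamps outside the window
        return verdict


def replay(attempts):
    """attempts: time-ordered (seconds, source_ip) pairs; returns (time, ip, verdict)."""
    fw = RecentList()
    return [(t, src, fw.new_connection(src, t)) for t, src in attempts]


# Constructed sample: one noisy source and one well-behaved source.
SAMPLE_ATTEMPTS = [
    (0, "203.0.113.7"), (20, "203.0.113.7"), (30, "198.51.100.9"),
    (40, "203.0.113.7"),    # third hit within 300 s
    (200, "203.0.113.7"),   # retry while blocked
    (450, "203.0.113.7"),   # still within 300 s of the previous retry
    (800, "203.0.113.7"),   # quiet for more than 300 s
]

if __name__ == "__main__":
    for t, src, verdict in replay(SAMPLE_ATTEMPTS):
        print(f"t={t:>4}s {src:<14} {verdict}")
```

Because a matching --update refreshes the entry, the 300-second block restarts on every retry; a source is accepted again only after it has stayed quiet for the whole window.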
