breeze_host
New member
What is a brute force attack?How can we prevent it on the server?
Please share your views
Please share your views
What is a brute force attack?
- Thread starter breeze_host
- Start date
- Status
According to Google - Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.
Strange question coming from a provider that sells everything from shared to dedicated and cloud services. In addition to RH-Calvin's response, for WordPress you could install the WordFence plugin to help.
24x7server
New member
If you've cPanel installed on the server then you can enable cPHulk Brute Force Protection setting in WHM.
easyhostmedia
Well-known member
a brute force attack can just be a case of too many login attempts and you get locked out of the server.
How have you managed to operate a hosting business since 2009 and not know about Brute Force?
How have you managed to operate a hosting business since 2009 and not know about Brute Force?
prathyusha
Account Disabled
A large numbers of bots kind of thing from a software trying to login or bypass your site logins is bruteforce
HostingMachines
New member
All port based brute force attacks are shutdown by the firewall. WaP firewalls do help Wordpress etc but they work from a database which is written to with each attack so I don't recommend.
LFD using Regex rules to detect xmlrpc attacks and similar are best imo
Brute force is a trial and error method used by application programs to decode encrypted data for passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force).
Brute force can prevent by following steps:
By reducing surface area
Not being Predictable
Safeguard by security shield.
Brute force can prevent by following steps:
By reducing surface area
Not being Predictable
Safeguard by security shield.
pixelhosts
New member
What he said lol ^^
in layman's terms its where someone uses a piece of software to try and crack your password where the software will attempt many different strings in a short amount of time.
Eric Thomas
New member
Brute force attack is a trial and error attempt to guess a password by trying all possible combinations of characters. If its a form or login attack, you can enable captcha to protect the forms from these type of attacks. For SSH you can have ssh port changed to a custom one.
Brute force also known as brute force cracking is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.
easyhostmedia
Well-known member
Not really. any host can be locked out of their own servers if they have Brute Force enabled as all it means is that someone (could be you) have made too many failed login attempts.
Evolution Host
New member
I'm assuming that we're considering brute force attacks against a service running on the internet. Offline cracking against a dump of stolen passwords which are hashed is another topic! None the less, here's my take on online attacks:
Usernames and Passwords
In terms of prevention/protection for brute force attacks, your first point of call should of course be secure passwords. Most brute force attacks will involve the use of a "dictionary", sometimes known as a "dictionary attack", wherein the attacker will use a list of commonly used words that are then "mangled". The idea being that a password such as secur3P4sswrd1234 would quickly be guessed since it consists of the word "secure" and "password" with various mangling applied. As long as you avoid common passwords and easily guessed passwords such as those derived from personal information that you may have posted online, you're off to a good start. It also helps to avoid default usernames such as "root" as the attacker would then also have to guess or find the username. If you're running an SSH server on a common port, it's likely that "sudo lastb | head" will show lots of failed login attempts for usernames like "admin", "root" etc due to SSH worms that will randomly attack your server.
Securing the service
Since brute force attackers rely upon the ability to try many passwords within a short space of time, we can almost entirely eliminate the risks by slowing down authentication attempts. The most common approach is to place a temporary block on the IP address or account after a set number of failed authentication attempts take place.
You could build this functionality into your applications, or if you have terminal/SSH access to your server and wish to secure existing software, fail2ban is a great tool. It's essentially a log monitor that can automatically block an IP address after a defined number of failed login attempts. It supports software such as OpenSSH, various FTP servers and various web servers out of the box.
Assuming that your passwords are strong, this strategy goes a long way towards securing your server and may even reduce the load on the server by blocking lots of junk requests.
If you're still concerned about the extremely small chance that an attacker could guess the correct password, or are concerned that given a long time (many months/years) the attacker could still succeed, password rotation and IP whitelisting can mitigate this risk.
Usernames and Passwords
In terms of prevention/protection for brute force attacks, your first point of call should of course be secure passwords. Most brute force attacks will involve the use of a "dictionary", sometimes known as a "dictionary attack", wherein the attacker will use a list of commonly used words that are then "mangled". The idea being that a password such as secur3P4sswrd1234 would quickly be guessed since it consists of the word "secure" and "password" with various mangling applied. As long as you avoid common passwords and easily guessed passwords such as those derived from personal information that you may have posted online, you're off to a good start. It also helps to avoid default usernames such as "root" as the attacker would then also have to guess or find the username. If you're running an SSH server on a common port, it's likely that "sudo lastb | head" will show lots of failed login attempts for usernames like "admin", "root" etc due to SSH worms that will randomly attack your server.
Securing the service
Since brute force attackers rely upon the ability to try many passwords within a short space of time, we can almost entirely eliminate the risks by slowing down authentication attempts. The most common approach is to place a temporary block on the IP address or account after a set number of failed authentication attempts take place.
You could build this functionality into your applications, or if you have terminal/SSH access to your server and wish to secure existing software, fail2ban is a great tool. It's essentially a log monitor that can automatically block an IP address after a defined number of failed login attempts. It supports software such as OpenSSH, various FTP servers and various web servers out of the box.
Assuming that your passwords are strong, this strategy goes a long way towards securing your server and may even reduce the load on the server by blocking lots of junk requests.
If you're still concerned about the extremely small chance that an attacker could guess the correct password, or are concerned that given a long time (many months/years) the attacker could still succeed, password rotation and IP whitelisting can mitigate this risk.
Last edited:
What you quoted and then said "Not really," to was pretty much the definition of a brute force attack - so I'm not sure what you're saying not really to.
Sure - the company themselves could get locked out by brute force detection - but if that happens and they have no way around it I'm not sure I'd entirely trust them to properly run and manage their infrastructure.
There's always a way in - such as console access via VPN. If the provider doesn't have console access - which would be odd for a company remote from their hardware not to have.
What was it that you were saying "Not really," to?
You can decode encrypted data by brute forcing it - but decoding encrypted data is not necessarily brute forcing.
Of course, there are many ways to defend against such tactics.
Wordpress blogs are often brute-forced.
But you can deploy mod_sec to stop this.
LiteSpeed has a built-in mechanism in the latest version to stop this.
BitNinja also stops this in its tracks.
CloudLinux Immunity 360 would also stop this.
We have other algorithms that spot this stuff and block users,
Of course, the WAFs stop many brute force attacks, not just WordPress.
Wordpress blogs are often brute-forced.
But you can deploy mod_sec to stop this.
LiteSpeed has a built-in mechanism in the latest version to stop this.
BitNinja also stops this in its tracks.
CloudLinux Immunity 360 would also stop this.
We have other algorithms that spot this stuff and block users,
Of course, the WAFs stop many brute force attacks, not just WordPress.
webconfigure
Member
Brute force attack the ability to guess the passwords of your accounts. There are number of tools which used to guess the passwords of your accounts.
For preventing from the brute force attack, you should not share your passwords with anybody using unauthorised medium. You should have the proper security setup to all your essential files, directories and databases.
For preventing from the brute force attack, you should not share your passwords with anybody using unauthorised medium. You should have the proper security setup to all your essential files, directories and databases.
easyhostmedia
Well-known member
Not really. If you have brute force enabled on your server and you make an error in your login for the server then you can be locked out as a brute force attack
- Status
-
HostingDiscussion
A community for web hosting professionals and enthusiasts, since 2002.
