How to protect a server from brute force attacks?

Here are a few of the many security options that WHM/cPanel has built in to protect your cPanel dedicated server:

In a brute force attack, an attacker runs an automated app or script that tries to find an account's password by working through a list of passwords (a dictionary file). Knowing this shows why weak passwords should be avoided in order to safeguard your systems. A weak password has fewer than 8 characters (in lower case), contains a few consecutive numbers, or uses commonly used or identifiable words. Conversely, a strong password is one that is not commonly used or identifiable elsewhere. It mixes different numbers, special characters, and upper- and lower-case letters at random.


If you're using cPanel/WHM, the "cPHulk Brute Force Protection" system found in "Security Center" is useful. It provides several easy-to-configure rules based on IPs, timing, and failed login attempts. For protection against the most common brute force/DDoS/DoS attacks, DirectAdmin users should check "Administration Settings" at the Admin Access level, then go to the Security Section for a similar configuration.


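You can prevent more than 2 connections every minute to the SSH port (22) and block the host's IP address for 5 minutes by applying the following rules:


# Record each new connection to port 22 in the "SSH" list (no target, so the packet continues to the next rules)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH

# Log new connections once the same address (with the same TTL) has 3 or more hits within 300 seconds
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force "

# Drop those same connections
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j DROP

# Accept new connections that stayed under the limit
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT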


The Secure Shell service is found to be the most vulnerable to such attacks. Besides this, email, FTP, IMAP servers, etc. are also vulnerable to these attacks. Even when passwords are entirely secure, initiating many connections simultaneously lowers server productivity, increases resource usage, and reduces network capacity. This lies at the core of Distributed Denial of Service (DDoS) attacks, which overload the system and lead to an outage. "SSHGuard" is a useful app that tracks abusive activity by using logs from different services. It can be downloaded from this link: http://freecode.com/projects/sshguard
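
The log-based tracking described above can be illustrated with a simplified sliding-window counter over sshd failure lines, using the same 3-hit, 300-second thresholds as the iptables rules. This is an added example, not SSHGuard's code and not part of the original article; the function name `find_offenders`, the sample log lines, the host name and the assumed year are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Same thresholds as the iptables rules above: 3 hits within 300 seconds.
WINDOW = timedelta(seconds=300)
HITCOUNT = 3

# OpenSSH failure lines: "Failed password for [invalid user] NAME from IP port N ssh2"
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def find_offenders(lines, year=2024):
    """Return {ip: time the threshold was first reached}; lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] >= WINDOW:   # expire failures that fell out of the window
            hits.popleft()
        if len(hits) >= HITCOUNT:
            offenders.setdefault(m["ip"], ts)
    return offenders

# Constructed sample log (documentation IP ranges, invented host name).
SAMPLE_LOG = """\
Mar  4 02:10:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 02:10:03 web1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  4 02:10:04 web1 sshd[815]: Accepted password for deploy from 198.51.100.20 port 51514 ssh2
Mar  4 02:10:06 web1 sshd[817]: Failed password for root from 203.0.113.7 port 40144 ssh2
Mar  4 02:11:00 web1 sshd[820]: Failed password for deploy from 198.51.100.20 port 51600 ssh2
Mar  4 02:20:00 web1 sshd[830]: Failed password for deploy from 198.51.100.20 port 51700 ssh2
Mar  4 02:29:00 web1 sshd[840]: Failed password for deploy from 198.51.100.20 port 51800 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached {HITCOUNT} failures within {WINDOW.seconds}s at {when:%b %d %H:%M:%S}")
```

The second address in the sample also fails three times, but its failures are nine minutes apart, so it never reaches the threshold inside one window.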
