How to protect server from Brute Force Attacks?




Here are a few of the many security options that WHM/cPanel has built in to protect your cPanel dedicated server:

In a brute force attack, an attacker runs an automated app or script that tries entries from a list of passwords (a dictionary file) until it finds an account's password. Understanding this helps in determining what to avoid: weak passwords leave systems exposed. A weak password has fewer than 8 characters (in lower case), a few consecutive numbers, or some commonly used or identifiable words. Conversely, a strong password is one that is not commonly used or identifiable elsewhere. It mixes numbers, special characters, and upper- and lower-case letters at random.


If you're using cPanel/WHM, the "cPHulk Brute Force Protection" system found in "Security Center" is useful. It provides several easy-to-configure rules based on IPs, timing, and failed login attempts. To protect against the most common brute force/DDoS/DoS attacks, DirectAdmin users should first check "Administration Settings" at the Admin Access level, and only then go to the next section, the Security section, for a similar configuration.


You can prevent more than 2 connections every minute to the SSH port (22) and block the host's IP address for 5 minutes by applying the following rules:


iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force"

iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j DROP


The Secure Shell service is found to be the most vulnerable to such attacks. Besides this, Email, FTP, IMAP servers etc. are also vulnerable to these attacks. Even when entirely secure passwords are in use, many simultaneous connections reduce server productivity, increase resource usage, and reduce network capacity. This lies at the core of Distributed Denial of Service (DDoS) attacks, which overload the system and thereby lead to a system outage. "SSHGuard" is a useful app that tracks abusive activity by using logs from different services. It can be downloaded from this link: http://freecode.com/projects/sshguard
