PDA

View Full Version : NonStop brute force...


Ntfu2
02-13-2007, 09:15 AM
The last two weeks or so, my servers been under "attack" by some moron trying to brute force his way in. APF is installed with BFD which automatically is banning the IP after a couple tries but i think its starting to adversly affect the server performance.

I've taken numerous security measure such as moving the SSH port, disabling telnet, strong password, and other little tweaks, but its to the point of being annoying.

Most are coming from places such as China, Korea, India, and some smaller countries, I really don't want to resort to blocking entire country IP's for the security of my servers, but its starting to get to the point where it may become necessary. A few were traced back to servers at a hosting firm in the US and i've emailed them some logs, and information for their security dept.'s to review.

Is there any other way to stop these attacks? Thanks

Delphiprogrammi
02-13-2007, 12:03 PM
hi,

Well i have those attacks to.Mostly they try common usersnames like "root" or "operator" etc etc.Be aware that those ipadress you see in your logs are not necessarly from the attacker they can use anonymous proxys ... However i know of a little thricky way to configure your server iptables to lock out a entire country.People will not see a special message they'll just see "cannot find server" because iptables is blocking them.If you want that give me a yell

jugo
02-14-2007, 01:13 PM
If you're using cPanel i suggest using "ConfigServer firewall" instead of APF and BFD.

it has a very comprehensive set of tools and features that will help your server.

we have implemented it on our servers and actually managed to consolidate 3 shared servers into one because of the resources that we have been able to recover.

Hornstar
02-15-2007, 12:58 AM
It seems like you have done well already, however with most attacks, people will give up after a few weeks, if it goes on for any longer then that, then that is really bad luck. Hope it stops soon for you.