vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   General Hosting/Server Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=197)
-   -   NonStop brute force... (https://vborg.vbsupport.ru/showthread.php?t=139284)

Ntfu2 02-13-2007 09:15 AM
NonStop brute force...
 
The last two weeks or so, my servers been under "attack" by some moron trying to brute force his way in. APF is installed with BFD which automatically is banning the IP after a couple tries but i think its starting to adversly affect the server performance.

I've taken numerous security measure such as moving the SSH port, disabling telnet, strong password, and other little tweaks, but its to the point of being annoying.

Most are coming from places such as China, Korea, India, and some smaller countries, I really don't want to resort to blocking entire country IP's for the security of my servers, but its starting to get to the point where it may become necessary. A few were traced back to servers at a hosting firm in the US and i've emailed them some logs, and information for their security dept.'s to review.

Is there any other way to stop these attacks? Thanks

Delphiprogrammi 02-13-2007 12:03 PM
hi,

Well i have those attacks to.Mostly they try common usersnames like "root" or "operator" etc etc.Be aware that those ipadress you see in your logs are not necessarly from the attacker they can use anonymous proxys ... However i know of a little thricky way to configure your server iptables to lock out a entire country.People will not see a special message they'll just see "cannot find server" because iptables is blocking them.If you want that give me a yell

jugo 02-14-2007 01:13 PM
If you're using cPanel i suggest using "ConfigServer firewall" instead of APF and BFD.

it has a very comprehensive set of tools and features that will help your server.

we have implemented it on our servers and actually managed to consolidate 3 shared servers into one because of the resources that we have been able to recover.

Hornstar 02-15-2007 12:58 AM
It seems like you have done well already, however with most attacks, people will give up after a few weeks, if it goes on for any longer then that, then that is really bad luck. Hope it stops soon for you.


All times are GMT. The time now is 08:14 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04781 seconds
  • Memory Usage 1,714KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete