Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > General > General Hosting/Server Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
NonStop brute force... Details »»
NonStop brute force...
Version: , by Ntfu2 Ntfu2 is offline
Developer Last Online: Jan 2010 Show Printable Version Email this Page

Version: Unknown Rating:
Released: 02-13-2007 Last Update: Never Installs: 0
 
No support by the author.

The last two weeks or so, my servers been under "attack" by some moron trying to brute force his way in. APF is installed with BFD which automatically is banning the IP after a couple tries but i think its starting to adversly affect the server performance.

I've taken numerous security measure such as moving the SSH port, disabling telnet, strong password, and other little tweaks, but its to the point of being annoying.

Most are coming from places such as China, Korea, India, and some smaller countries, I really don't want to resort to blocking entire country IP's for the security of my servers, but its starting to get to the point where it may become necessary. A few were traced back to servers at a hosting firm in the US and i've emailed them some logs, and information for their security dept.'s to review.

Is there any other way to stop these attacks? Thanks

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #2  
Old 02-13-2007, 12:03 PM
Delphiprogrammi Delphiprogrammi is offline
 
Join Date: Feb 2004
Location: Landen(Belgium)
Posts: 1,335
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

hi,

Well i have those attacks to.Mostly they try common usersnames like "root" or "operator" etc etc.Be aware that those ipadress you see in your logs are not necessarly from the attacker they can use anonymous proxys ... However i know of a little thricky way to configure your server iptables to lock out a entire country.People will not see a special message they'll just see "cannot find server" because iptables is blocking them.If you want that give me a yell
Reply With Quote
  #3  
Old 02-14-2007, 01:13 PM
jugo jugo is offline
 
Join Date: Feb 2004
Location: Reading your emails.
Posts: 573
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you're using cPanel i suggest using "ConfigServer firewall" instead of APF and BFD.

it has a very comprehensive set of tools and features that will help your server.

we have implemented it on our servers and actually managed to consolidate 3 shared servers into one because of the resources that we have been able to recover.
Reply With Quote
  #4  
Old 02-15-2007, 12:58 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It seems like you have done well already, however with most attacks, people will give up after a few weeks, if it goes on for any longer then that, then that is really bad luck. Hope it stops soon for you.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:58 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05414 seconds
  • Memory Usage 2,223KB
  • Queries Executed 19 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (4)post_thanks_box
  • (4)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit_info
  • (3)postbit
  • (4)postbit_onlinestatus
  • (4)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete