brute force attack

zzz

I noticed that my server restarted and contacted GoDaddy support. They investigated and concluded that my server is under brute force attack.

During review of your error logs we did discover that your server is under a brute force attack. You may want to use iptables to block these unwanted logins.

Question: How do I do that? Is this the same as FLOOD attack? I have come across the script that deals with those quite efficient.

cahva

If you can run your owns scripts, I recommend using a tool like this:
http://denyhosts.sourceforge.net/

I think you'll get the idea by reading that.

What godaddy probably means is that you add only the ip's that you will be connecting from to allowed ip's and that is very wise to do. However, one cant always do that if he/she travels alot and the ip changes all the time.

I think the main difference in FLOOD(DDOS) and brute force is that DDoS is meant to prevent the site or service not to work as it should and brute force attack is meant to hack to the server and try to overtake the server or steal some information etc. I think if you check wiki pages you'll get better understanding what the differences are 🙂

laserlight

One word of caution about denyhosts: it's good, but there is a small chance (large if you are in a place like Singapore) that you can find yourself blocked if you do not preemptively allow your possible IP addresses.

zzz

oops... I just spoke with a developer in India. I've worked with him in the past and trust his opinion. He usually provides a comprehensive security solution where they setup a firewall, brute force detection and prevention system, a anti DOS system and mod_security at the webserver level.

I'll be changing server in a month or so, so I'll give it a try.

In a meantime perhaps i can add some IPs to a list to be blocked. Not sure how to do that either...

Looked at the logs - scarry. In a meantime I'll keep my Shell turned off.

zzz

How effective IP block with .htaccess ?