How to deal with brute force attacks
#11
(12-06-2016, 10:36 AM)Dudi Wrote: OSI 7 layer means application layer, so advanced DDOS firewalls protect against port scanning too
https://hostsailor.com/ddos-protection-and-mitigation/

Port scanning is VERY HARD TO MITIGATE. It's hard to tell if it's a legitimate user or a bot. It just detects multiple attempts which is bruteforcing.

I don't really like the term DDoS firewall. It's just basically a firewall with strong packet filtering function.

Firewalls may protect against DDoS but it doesn't include Layer 7 protection MOST OF THE TIME. The resources needed for filtering Layer 7 connections are just too damn high.

EDIT:
Just some more additional info.
Most of the firewalls that protect against Layer 7 attacks just work on http/https or some other very widely used and attacked protocols.

Please don't rely on those for port scanning protection. They don't protect you from it.
http://FreeVPS.club - Free VPSs!
#12
Based on the thread, Brute Force attack is different from DDoS attack? Brute Force is a type of attack that continuously attempts to log in to the server and DDoS is a type of attack thru layers? Correct me if I'm wrong, brothers.
#13
@Vuluts, that might be an explanation, but "thru layers" is not a really clear clarification in my opinion. I myself imagine it this way:
DDoS: A lot of cars are pushed onto the highway, causing traffic jams (= server down)
Bruteforce: One car is trying to get into someone's garage by continuously trying a different key (every time he uses a different (random) key)
#14
A lot of people banging the door = DDoS

Trying different keys to door = Brute force attack
Thanks @Post4VPS

#15
@RickB that's exactly what I want to express lol

Follow-up question: Can DDoS attacks and Brute Force attacks clearly be defended against 100%?
#16
(12-16-2016, 01:28 PM)Vuluts Wrote: @RickB that's exactly what I want to express lol

Follow-up question: Can DDoS attacks and Brute Force attacks clearly be defended against 100%?

DDoS attacks can't be fully mitigated, especially layer 7 attacks.
BruteForce can be mitigated by enforcing rate limiting on login pages.
http://FreeVPS.club - Free VPSs!
#17
Yes. That's what I do. I limit the no. of failed logins to 3 and don't use common user names like admin, root, etc. Also using long, complicated passwords.
#18
The original poster might have already found the solution, though I'll just share what I know in case someone else faces a similar situation and is looking for a solution. I usually disable root user, create a user with my name probably, add it to SUDOers, change SSH port to any other random port, use a complicated password (if not an SSH key-based authentication) and install fail2ban. That's how I secure my VPS. If you haven't done any action to secure your VPS (even if you have no past bruteforce attacks) you should start securing your VPS.
#19
OP was just starting a discussion about the subject, telling his experience. So all opinions, suggestions and advice should be helpful to anyone who's viewing the thread.


~ Be yourself everybody else is taken ~




#20
I agree with @Nova. And maybe add: if logins fail 3 times, ban the IP temporarily.
Sorry for my bad English
I am Web Developer || Python, NodeJs, C# Programmer
My Fiverr Profile
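
The "3 failed logins, then ban the IP temporarily" rule from the posts above, which is what fail2ban automates, as an added example that is not part of the original thread. It assumes OpenSSH-style auth log lines; the 10-minute counting window, the 30-minute ban, the function name `find_bans` and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                      # "3 failed logins" from the thread
FIND_WINDOW = timedelta(minutes=10)   # assumed counting window
BAN_TIME = timedelta(minutes=30)      # assumed temporary ban length

# Matches OpenSSH failure lines for both existing and invalid users.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(lines, year=2016):
    """Return [(ip, ban_start, ban_end)] for IPs reaching MAX_FAILURES in FIND_WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> end of the current ban
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            continue              # still banned: a firewall rule would drop this
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > FIND_WINDOW:
            q.popleft()           # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, banned_until[ip]))
            q.clear()
    return bans

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Dec 16 13:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Dec 16 13:00:03 vps sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Dec 16 13:00:04 vps sshd[813]: Accepted publickey for deploy from 198.51.100.20 port 51000 ssh2
Dec 16 13:00:06 vps sshd[814]: Failed password for root from 203.0.113.7 port 40130 ssh2
Dec 16 13:05:00 vps sshd[815]: Failed password for deploy from 198.51.100.20 port 51010 ssh2
Dec 16 13:20:00 vps sshd[816]: Failed password for deploy from 198.51.100.20 port 51011 ssh2
Dec 16 13:20:30 vps sshd[817]: Failed password for deploy from 198.51.100.20 port 51012 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The second address fails three times as well, but the failures are spread over more than the window, so a user who mistypes a password now and then is not locked out.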

