How to deal with brute force attacks

Nova · 10-24-2016, 08:42 AM

How do you control an ongoing brute force attack on your vps ? I had gone through one I had a managed vps at Hudsonvalley hosting. fortunately they put more security measures on server to prevent them getting through. Couldnt stop the attack. its was advanced type hitting from multiple ips and locations.

**Lampard** · 10-24-2016, 04:16 PM

Banning all the IP's would be a good choice. I don't think that the one who is attacking will have so MANY IPS, still they can be stopped, if they have like 10 IPs too.

Nova · 10-24-2016, 06:45 PM

You would be amazed to see how sophisticated some of these brute force attacks. I was getting hit by ips all over the world randomly. Not just from few ips or one ip range.

Server wad blocking like 10 - 30 ips per hour and this has happened none stop for several months till i changed my account to different ip range.

boy I was so worried by any chance they would break through. Fortunatly that didnt happen.

JETHANER · 12-04-2016, 08:04 PM

I has bad experience with that, i just got my VPS hacked with this twice, and that situation made my VPS got suspended, after that i just start made password with more complex words with numbers, so far till now never get hacked anymore. In few days ago i also captured my raspberry pi which i used as a webserver and connected with public IP got scanned by lot of botnet, looking from the IPs which i just captured from the apache logs many of them is from china. It's funny cause i just remember few days before that happen i just saw a film that tell me to keep in watch with chinese hackers.

**perry** · 12-05-2016, 12:57 PM

by bruteforce try to change ssh port couple times to some never used ports.
and bli

Conan · 12-05-2016, 02:35 PM

(12-05-2016, 12:57 PM)perryoo11 Wrote: by bruteforce try to change ssh port couple times to some never used ports.
and bli

Port scanners exists. They can check what services run on each port. Port scanning isn't that slow.
@karatekidmonkey is right. EVerything he suggested is the best way to shield your server frmo bruteforcing.

Dudi · 12-05-2016, 02:40 PM

The best is to choose a VPS provider with DDOS protection. Such as Host4Fun or Virmach.

Conan · 12-05-2016, 02:42 PM

(12-05-2016, 02:40 PM)Dudi Wrote: The best is to choose a VPS provider with DDOS protection. Such as Host4Fun or Virmach.

Brute force isn't DDoS. DDoS = Distributed Denial of Service.

Dudi · 12-05-2016, 04:07 PM

(12-05-2016, 02:42 PM)Conan Wrote: Brute force isn't DDoS. DDoS = Distributed Denial of Service.

I think that there are different types of DDOS protection from network-transport layer to application layer (based on OSI) and it can protect the the users VPS servers with defense against port scanning.

Dudi · 12-06-2016, 10:36 AM

(12-05-2016, 09:38 PM)karatekidmonkey Wrote: No, that is not true. Please read. https://en.wikipedia.org/wiki/Denial-of-service_attack

A brute force attack/port scanner is NOT a Distributed Denial of Service attack, whatsoever. It is CLEARLY stated in the article that DDoS/DoS attacks are "a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.".

Think about it. Is a port scan/brute force attack a flood of requests that is intended to take a certain network resource down? No, it is not.

OSI 7 layer means application layer, so advanced DDOS firewalls protect against port scanning too
https://hostsailor.com/ddos-protection-and-mitigation/

Login

Options

Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting