Preventing brute force attack
Preventing server account access due to brute force attacks on web servers.
If you have web-servers on Apps4Rent’s Hyper-V offering then preventing a Brute force attack on your server should be one of the foremost things in your mind. This will add a layer of security. Brute force attacks are designed to gain access to your server’s “Authorized Area” only. Some examples of “Authorized Area’s” are FTP accounts; e-mail accounts; databases and so on. Some of these attacked may also try to gain access into your root access.
For more info on Apps4Rent’s hosted email plans:
• Hosted Exchange 2010 – Plans starting at $6.95 per month. See plans.
• Mobile SyncMail – Plans starting at $1.95 per month. See plans.
There are various methods using which hackers may try to gain access to your server.
1. Manual login attempts: They will manually try to type in a few common usernames and passwords which they think might gain them access to the system.
2. Dictionary based attacks:These are automated scripts/programs which attempt to guess username and password using various combination of all the words in an exhaustive list (from a pre-arranged list of values). A dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are common words that are short and thus easy to remember.
Signs of a brute force attempt:
Searching for attack footprints or looking at the signs of such attempts is half the battle won. You can easily spot a brute force attempt by checking your servers log files. You will see a series of failed login attempts for the service they are trying to break into. You may want to run this command.
# vi /var/log/secure
or
# tail -f /var/log/secure
Check for failed login attempts.
How to prevent a successful brute force attack:
a. Restricting the amount of login attempts that a user can perform.
b. Banning users IP after multiple failed login attempts.
c. Keep a close eye on your log files for suspicious login attempts.
If you have a Windows Server then you can stop the brute force attempt by changing the port number of Terminal server/ Remote desktop. Default terminal service port is 3389, you can change it to any other port like 3399.
If you have Linux server then you can stop the brute force attempt by changing the port number of ssh service.
Default ssh port is 22, you can change it for any other port like 222 or 10222 etc.
Report Attackers:
You need to block the IP’s. You can also report the attacking IP to the provider for example an ISP.
You can check the source of the IP by going to https://www.iptools.com. https://www.dnsstuff.com is well known site; but you might need subscription service with them.
It will give you information about the ISP, including company and website. Visit the ISP’s website and look for an abuse section, such as abuse@company.com. Send the details to ISP.
Such attacks are very common and frequent these days; more-so, due to the various hacking tools freely available on the Internet. Following these steps will not make your system 100% attack-proof. Brute force attacks are going to happen. The suggestions given here are to assist you to prevent such attacks from being successful. Due to the evolving nature of hackers and hacking these suggestions are likely not to be complete. Please consider them a starting point for information purposes only.
Depend on Apps4Rent for all your business hosting needs.
• Industry leading value based pricing.
• Serving over 10,000 business in 50+ countries.
• One-stop shop for the full range of hosted Microsoft software.
• 24/7 support via chat, email and phone.