Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [brute-force-attacks]

194 questions
65
votes
11 answers

Denyhosts vs fail2ban vs iptables- best way to prevent brute force logons?

I'm setting up a LAMP server and need to prevent SSH/FTP/etc. brute-force logon attempts from succeeding. I've seen many recommendations for both denyhosts and fail2ban, but few comparisons of the two. I also read that an IPTables rule can fill the…
spiffytech
  • 1,043
  • 2
  • 11
  • 16
51
votes
14 answers

Preventing brute force attacks against ssh?

What tool or technique do you use to prevent brute force attacks against your ssh port. I noticed in my Security logs, that I have millions of attempts to login as various users through ssh. This is on a FreeBSD box, but I imagine it would be…
grieve
  • 1,517
  • 3
  • 17
  • 18
49
votes
13 answers

Ban IP address based on X number of unsuccessful login attempts?

Is it possible to ban an IP address after X number of unsuccessful login attempts to a Windows Server? Not to a particular account, which I know how to do, but to the whole machine. We get hit pretty hard by brute force attacks trying to guess…
HeavyWave
  • 745
  • 1
  • 6
  • 9
29
votes
4 answers

Rate limiting with UFW: setting limits

UFW's man page mentions that it can setup iptables rate limiting for me: ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. ufw will deny connections if an IP address has…
Tom
  • 601
  • 2
  • 8
  • 15
27
votes
5 answers

How to stop/prevent SSH bruteforce

I'm very new to network administration, so please regard that I'm not that experienced yet. I have a Ubuntu root server with plesk panel. Yesterday my friends and I noticed that the quality of speech on our TS3 got very bad. I sent some pings to the…
user219534
23
votes
7 answers

How to stop brute force attacks on Terminal Server (Win2008R2)?

I'm more familiar with Linux tools to stop brute force attacks, so I'm having trouble finding suitable tools for Windows. I'm running a Windows Server 2008 R2 with Terminal Server, and I'd like to block an IP after repeated attempts to login via…
onik
  • 997
  • 3
  • 7
  • 20
16
votes
11 answers

Is there a standard method of proving password security to non-mathematicians?

My client has a server that is being subjected to brute-force login attempts from a botnet. Due to the vagaries of the server and the client's client, we can't easily block the attempts through a firewall, port change, or login account name…
Porks
  • 163
  • 5
15
votes
12 answers

Securing SSH server against bruteforcing

I have a little SVN server, old dell optiplex running debian. I don't have that high demands on my server, because its just a little SVN server... but do want it to be secure. I just renewed my server to a newer and better optiplex, and started…
Paul Peelen
  • 289
  • 2
  • 16
11
votes
5 answers

How to find source of 4625 Event ID in windows server 2012

I have many audit failure with event ID 4625 and Logon type 3 in my event log. Is this problem form my server(internal services or applications) ? Or this is brute force attack? Finally How can i find source of this logins and resolve problem? This…
Mohsen Tavoosi محسن طاوسی
  • 211
  • 1
  • 2
  • 7
11
votes
3 answers

What is the source of thousands of 4625 Logon Failure errors with Logon Type 8 (NetworkCleartext)?

I have a Windows Server 2008 R2 system that's showing thousands of 4625 Logon Failure errors with Logon Type 8 (NetworkCleartext) in the Security section of the Windows Logs every single day. There are no IP addresses of the systems trying to gain…
kevinmicke
  • 411
  • 1
  • 4
  • 16
10
votes
3 answers

Securing linux servers: iptables vs fail2ban

I would like to pick the community's brain regarding linux server security, specifically regarding brute-force attacks and using fail2ban vs custom iptables. There are a few similar questions out there but none of them address the topic to my…
kingmilo
  • 211
  • 2
  • 7
10
votes
9 answers

Preventing brute-force attacks on MySQL?

I need to turn on networking for MySQLd, but every time I do, the server gets brute-forced into oblivion. Some mean password guessing script starts hammering on the server, opening a connection on port 3306 and trying random passwords forever. How…
Keith Palmer Jr.
  • 1,151
  • 4
  • 16
  • 28
10
votes
9 answers

How secure are passwords with under 20 characters length?

I recently received a recommandation for setting my password to above 20 characters. The algorithm used for encryption is AES with a 256 bit primary key. How secure is a, let's say, 8 char password against brute force attacks for deciphering…
cmserv
  • 195
  • 2
  • 6
  • 14
10
votes
8 answers

Servers harrassed by individual on constantly changing IPs

We run a community product. There is an individual (a little PoS kid) in the UK that is harassing our site for the last 6 months. His daily task is to create a new account, post a bunch of illegal / inflammatory content, get a rise out of people,…
Arronsky2
9
votes
3 answers

Prevent SSH attacks

I'm trying to setup iptables rules to only allow 3 attempts by an IP per minute to connect to the servir via SSH, and drop all the connections after to prevent SSH attacks; but it seems i'm doing something wrong! -A INPUT -p tcp -m tcp --dport 22 -m…
MGP
  • 213
  • 1
  • 5
1
2 3
12 13