Questions tagged [brute-force-attacks]
194 questions
2 votes, 0 answers
fail2ban fails to block from auth.log with directadmin
I'm using DirectAdmin on an Ubuntu server. I recently installed Fail2Ban.
But I'm still receiving "Brute-Force attack" email from DirectAdmin.
My jail.conf (only the auth.log jails!):
[ssh]
enabled = true
port = ssh
filter = sshd
logpath =…
TD_Nijboer
- 169
- 8
2 votes, 2 answers
What is the difference between /etc/hosts.allow and denyhosts' /var/lib/denyhosts/allowed-hosts?
Put another way, why doesn't denyhosts simply reference /etc/hosts.allow? Why does it have its own file?
Some of the denyhosts tutorials you see instruct the user to add their management IPs to this file while neglecting to even mention…
Patrick
- 121
- 1
- 6
2 votes, 2 answers
Multiple IP Brute Force Login Attack CentOS 6
Currently, one of my websites is being subject to a brute force login attempt. The problem is that it is coming from multiple IP sources. I have a system that auto bans IP after 3 attempts and so far the attacker has tried/banned 800 different…
JJd
- 31
- 3
2 votes, 4 answers
Is this a 'port scan'?
Is it still considered a 'port scan' to have scripts trying to SSH in with a list of common account names or trying multiple passwords for 'root' or 'mail' (or similar)? I'm hoping to find a way to block these but I'm at a loss as to what to search…
ethrbunny
- 2,327
- 4
- 36
- 72
2 votes, 0 answers
Fail2ban on Ubuntu 11.10 does not ban custom filter/jail
An application I'm running logs incorrect logins such as this:
Tue, 19 Mar 13 20:46:03 +0000 failed login from iphere !
Tue, 19 Mar 13 20:46:03 +0000 failed login from iphere !
Tue, 19 Mar 13 20:46:03 +0000 failed login from iphere !
I'm trying to…
Bart
- 21
- 1
2 votes, 0 answers
ldap prevent brute force
The title should be self-explanatory, but in more detail, I'm looking for a way to protect LDAP from LAN brute force attacks.
It would be fine to prevent password guessing by locking a password for a specified period of time after repeated…
damko
- 457
- 3
- 15
2 votes, 1 answer
How should I manually add IP addresses to denyhosts?
I have a few IP addresses I want to add manually to denyhosts because they're huge sources of inbound spam. What's the best way to do this? Or should I not be messing with it?
I want to manually add these to denyhosts, but I don't see a way to do…
Andy Lester
- 740
- 5
- 16
2 votes, 3 answers
Block brute-force attack using lastb and iptables
Using the Linux lastb command, I found that my server is being brute-force attacked from many different IPs around the world! I have developed a script to detect brute-force attackers with lastb and block them with iptables. Here is the script:
#!/bin/bash
cd…
lashgar
- 671
- 1
- 5
- 16
2 votes, 3 answers
How to protect ejabberd from bruteforce attacks?
It writes this in logs:
=INFO REPORT==== 2012-03-14 17:48:54 ===
I(<0.467.0>:ejabberd_listener:281) : (#Port<0.4384>) Accepted connection {{10,254,239,2},51986} -> {{10,254,239,1},5222}
=INFO REPORT==== 2012-03-14 17:48:54…
Sergey
- 714
- 2
- 6
- 21
2 votes, 1 answer
Which password entropy for MS-CHAPv2
I am looking at connecting in a reasonably secured way mobiles to an enterprise WiFi network.
The current solutions would be user certificates on the mobiles (they are unfortunately exportable) or PEAP-MS-CHAP-v2.
PEAP-MS-CHAP-v2 is vulnerable to…
WoJ
- 3,365
- 8
- 46
- 75
2 votes, 1 answer
Does enabling cPHulk from within WHM protect my entire server?
So I have enabled cPHulk on my web server, and just realized now that somebody (most likely a bot) is attempting to brute force their way into my WHM, thus leaving me out as well.
I was shown this message when attempting to log in to my WHM from the…
darkAsPitch
- 1,861
- 4
- 25
- 42
2 votes, 3 answers
Why isn't fail2ban blocking failures?
This below is the output of fail2ban log. Nothing more shows up, but in auth.log I see like hundreds of failures for root user login (someone is bad ass brute forcing).
2011-07-06 01:48:16,249 fail2ban.server : INFO Changed logging target to…
Rihards
- 759
- 2
- 12
- 22
2 votes, 4 answers
Web server minimum password security based on 100 attempts per second
This insightful article proposes that passwords don't need to be very secure:
http://www.baekdal.com/tips/password-security-usability?
There is one specific line in here that I find troubling:
The actual number varies, but most web applications…
pokstad
- 133
- 6
2 votes, 3 answers
Can I Use iptables rate limiting to temporarily block FTP server brute-force attempts?
This is along a similar line to other posts on brute-force attacks, but a bit more specific:
We are able to enforce decent passwords, generally, and user name policy also avoids falling prey to what 99.9% of the brute-force FTP stuff is trying...…
Andrew Barber
- 1,089
- 12
- 23
2 votes, 3 answers
I am getting brute forced, what do I do
I am getting brute forced on my email server, IMAP and POP3. I have the full package of ASL installed but it just sends me the OSSEC logs. How can I ban the IP?
I thought ASL automatically blocked these attacks after a few wrong tries. How can I do…
Saif Bechan
- 10,892
- 10
- 40
- 63