Questions tagged [brute-force-attacks]
194 questions
2 votes
1 answer
Block bruteforce attempts with nginx & cloudflare without rate limiting
So I discovered servers trying to bruteforce my API so I want to block them...but my specific scenario made it difficult to work with common solutions found on the internet.
1) I don't want to just rate limit, if any IP attempts to authenticate with…
Freedo
1 vote
2 answers
Brute Force attack in DirectAdmin
I have a problem with the brute force monitor in DirectAdmin.
Every minute I get info like this:
15705610210001 52.187.17.107 123 1 sshd4 Oct 8 20:56:24 server sshd[10817]: Failed password for invalid user 123 from 52.187.17.107 port 40775…
jedlu91
1 vote
0 answers
SSH brute-force from my network / domain
Twice a week I receive an email to abuse@mydomain.tld that says:
An attempt to brute-force account passwords over SSH/FTP by a machine in your domain or in your network has been detected. Attached are the host who attacks and time / date of…
Lorenzo Martini
1 vote
0 answers
I am getting bruteforce attack from locvangxuanfb2019.com
On my WordPress website, I am getting brute-force login attempts from locvangxuanfb2019.com and hopquavn2019.com
When I try to ping locvangxuanfb2019.com and hopquavn2019.com I get a response from localhost. Even on my computer.
I have never seen such…
Future King
1 vote
0 answers
How to Ban WordPress Brute Force Attack by Client From Apache's Server Status Page?
I have a server hosting multiple domains and protected by Fail2Ban with WP Fail2Ban and wordpress-hard + wordpress-soft rules.
Recently I noticed that our server is heavily loaded, and it seems like we are under a heavy brute force attack. I can see that…
Kenaz Chan
1 vote
1 answer
RDP Server under attack; IP address used is our server address
I have set up a Windows 2016 server for remote desktop access, and installed RDPGuard to block brute force attacks. This worked well for a few days and RDPGuard blocked out a number of IP addresses.
However a few days ago I noticed RDPGuard skipped…
Laurence
1 vote
1 answer
Stop HTTP Post Requests with NGINX Before Hitting WordPress Application Log-in Page
Since the bots send HTTP Post requests directly at the known target /wp-login.php to skip the Captcha, would it be possible to check for a custom Post Input such as the Captcha Input or my own custom input field, and then deny the request if not…
i_a
1 vote
1 answer
NGINX Brute Force Detection of devices hiding behind NAT. Block only specific device and not all devices sharing the same IP
I have an AWS EC2 Ubuntu instance with an NGINX server configured to listen on IP address 50.0.0.1 (Example) on port 80.
I have a login page in index.php. I want to configure nginx for brute force detection and prevention (active blocking) for this…
Akki
1 vote
1 answer
Brute Forcing IPs
I have random IPs constantly targeting my Apache server. A sample of what I get in my log:
80.108.96.31 - - [18/Aug/2017:16:16:08 +0000] "GET /machine.xml HTTP/1.1" 403 520 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0;…
Kal
1 vote
1 answer
fail2ban with vsftpd explicit sftp
The fail2ban vsftpd default config doesn't take care of blocking brute force requests when TLS is enabled on vsftpd.
At the moment the vsftpd log only shows the below lines which don't match the regex. Does anyone have a good regex to take care of…
James
1 vote
1 answer
Too many TIME_WAIT connections on mysql from an outside host
My netstat is showing over 2,000 mysql connections with the state of TIME_WAIT that seems to be stuck and won't go away. It's been like that for several hours and many of the connections are coming from an IP address that doesn't have privilege to…
user3186337
1 vote
8 answers
How to secure a Mac Server ("Possible break-in attempt" in logs)
I'm getting these quite frequently in my /var/log/secure.log:
Nov 5 10:50:49 www sshd[775]: reverse mapping checking getaddrinfo for 124.107.32.54.pldt.net [124.107.32.54] failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 5 10:50:49 www sshd[775]: Invalid…
matpie
1 vote
1 answer
What Is Better For Security And Performance - APF or Fail2ban?
I have been doing plenty of research on Advanced Policy Firewall (APF) and Fail2Ban. I have a VPS under SSH brute force attack. I'm leaning towards APF and just allowing on my few IPs through. However, I would love to have the convenience of using…
DomainsFeatured
1 vote
1 answer
How to protect saslauthd from local brute force attack?
There are numerous instructions over the internet to use saslauthd. I've tried to run the service. It gave me a surprise when I discovered that /run/saslauthd/mux socket and /usr/sbin/testsaslauthd are both available for non-privileged users. So…
ayvango
1 vote
1 answer
Dealing with Brute Force Attack
For the better part of yesterday (and today so far) my server has been attacked with brute force.
I am a rather inexperienced admin when it gets past the basics. I understand how to find things, sometimes understand how to configure things. This…
Richard Testani