Questions tagged [brute-force-attacks]

194 questions
1 vote, 2 answers

Is it possible to use iptables on Ubuntu to limit brute force attacks?

Is it possible to use iptables on Ubuntu to limit brute force attacks for certain URLs? Basically I want to detect where a user calls the same URL over and over again and drop his connection or somehow slow it down if it happens too often.
spirytus
1 vote, 1 answer

What are the differences between Fail2Ban and BFD (Brute Force Detection)

I have used both Fail2Ban and BFD; typically I go with Fail2Ban on servers running IPTables, and BFD when servers are running APF. Are there any major differences between these 2 services? What are the strengths and weaknesses between these 2…
Jacob Evans
1 vote, 0 answers

Strange URL requests via Nginx on Ubuntu 14.04, what is the malicious user trying to do?

A malicious user has been trying to browse to strange URLs that don't exist on my server. One such request turned out to be url…
1 vote, 1 answer

Exim undergoing distributed dictionary attack

Our web server is currently undergoing a botnet attack on Exim. Our server is CentOS and is set up with BFD (Brute Force detect that uses APF to prevent access) to detect attempts and block them. This setup works 99% of the time, however since…
Neo
1 vote, 0 answers

Server being hacked with lots of weird process

(I have asked the same question at https://superuser.com/questions/841908/server-being-hacked-with-lots-of-weird-process and was told it is better to ask here; could some admin help delete the post at superuser.com? Thanks.) I was told by our IT that one of…
dli
1 vote, 1 answer

block internal ip brute force attack

Here's someone doing a bruteforce attack on my server for several days now, each time through a different external IP address (hundreds so far) but always through the same, I assume local, IP address: 192.168.2.33. Question is, is there a way to create…
Ivan
1 vote, 1 answer

htpasswd - Any tip to block brute force attacks?

Update: As Craig suggested I'm trying fail2ban now. Even though I have issues in that as well. failregex is not finding any result though. I had enabled all apache* in jail.local and here is how my apache logs errors: [Fri Jul 25…
Matt
1 vote, 1 answer

ldap ppolicy implementation for brute force prevention

I have an openldap server (with user passwords) open worldwide which I'm trying to secure. Step 1 was to limit access to data to authenticated users via ACLs. Step 2, to prevent brute force attacks, was to implement ppolicy. Seems to be working…
Oliver Henriot
1 vote, 1 answer

Constant brute force attack on specific email addresses

I have a bit of an issue, this has caught my attention yesterday. Someone or something, a botnet I presume, has been trying to gain access to specific e-mail addresses. The server software keeps blocking the login attempts but the problem is that I…
Sevvlor
1 vote, 1 answer

Apache Error log showing File webdav,wp-login.php does not exist- Possible Attack

Apache Error Log shows the following messages. Seems like an attack to me but not sure what it means. Can anyone tell me what these attacks are and how to prevent any damage from such attacks? [Wed Jan 22 00:39:36 2014] [error] [client x.y.z.a] File…
user23577
1 vote, 1 answer

How do I reset the false attempt login counter of iptables after a successful login?

I added the following firewall rules in order to defend against ssh attacks. iptables -N LOGNDROP iptables -A LOGNDROP -j LOG --log-prefix "SSH attack! " --log-level 7 iptables -A LOGNDROP -j DROP iptables -A INPUT -i eth0 -p tcp -m state --dport 22…
My-Name-Is
1 vote, 1 answer

TS_Block and Windows 2008

I am running a Windows 2008 Server and I have installed ts_block on it to help block RDP brute force attempts on the server. Question 1: What I wanted to know is there any benefit for me using ts_block because my server only allows users to RDP…
1 vote, 3 answers

Prevent server unusable on wordpress bruteforce attacks

I admin a server with lots of WordPress installations on it. I am searching for a solution to prevent high CPU on bruteforce attacks; this makes the server unusable some hours a day. These are the targets: Referer detection is not enough (EXAMPLE) (already…
1 vote, 4 answers

rhel-5.3->vm wordpress attack

I have a rhel 5.3 w/ a few virtual machines, and one of the virtual PCs runs cpu: intel quad 2.83 mem: 3.5G os: Linux 2.6.18-128.1.14.el5xen #1 SMP Mon Jun 1 16:09:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux. It also runs wordpress, and all of a sudden, I…
alexus
1 vote, 1 answer

Website slowed down, possible DDOS attack

I'm facing a big problem today. My website is very slow. I've tried everything and nothing helped. I disabled mysql and my website was still slow loading a static page. I also restarted the server. I also disabled apache and tried to update something…
Victor