Questions tagged [brute-force-attacks]

194 questions
1 vote, 1 answer

Troubleshooting potential compromised server from Brute Force SSH Attack

Possible Duplicate: My server's been hacked EMERGENCY. So I noticed some files/folders on my webserver, and investigating leads to the fact that a brute force attack via SSH was done on my server (there is a file in a folder called unix which is…
1 vote, 3 answers

Attempt to access SQL Server with the user SA

I'm suffering an attempted invasion by brute force. A bot is trying to figure out the sa password. How do I restrict logins to 3 attempts in SQL Server? Moreover, I would like to block an IP; how can I do this?
ridermansb
1 vote, 1 answer

Preventing Sendmail Brute Force Attack on Solaris 10

I want to dynamically block specific connections that use the same IP address based on a rate or connection limit. Is this possible using Solaris/IPF or some sendmail extension? I want to limit sendmail login attempts to prevent brute force…
Andrew Case
1 vote, 3 answers

iis' basic authentication system blocks too many login attempts?

I'm doing a security analysis of a network for a university project. The servers use the basic authentication of IIS, integrated with SSL. I'm now considering the possibility of a bruteforce attack. I know that good policy requires complex passwords,…
Matteo
1 vote, 11 answers

Preventing brute force attacks

What are the best tools to prevent brute force attacks against SSH and FTP on Linux servers?
nitins
1 vote, 2 answers

Can the bulk execution of "dig domain mx" on 5000 domains be considered an attack to the network?

I have a database containing a lot of invalid emails. I want to remove all the emails whose domain does not have an MX record. So after I extracted the domain part I wrote a script to bulk check this for the distinct domains by executing among others…
Marinos An
1 vote, 2 answers

SSHD: Difference between "connection closed..." and "disconnected from..." in log file

The sshd service on my Ubuntu server is under constant attack for various IP and user id. According to /var/log/auth.log file, there are three different types of fails from unknown id and IP address: Disconnected from invalid user... Connection…
codechimp
1 vote, 1 answer

How secure is encfs

Like others on this site, I am considering using encfs + sshfs for secure offsite backups. I am wondering how robust encfs is to brute force attacks? Do some users use the --stdinpass command with a file to make it harder to crack? Thanks
1 vote, 1 answer

MySQL shutting down on ~ same time and is not starting. Brute Force Attack? Or what?

My portal started shutting down (1 time a day) and it has been happening for over a week now, and I do not know where the issue could be. MySQL is shutting down at about the same time and is not starting after that. I see in the MySQL error logs multiple connection…
Ingus
0 votes, 2 answers

Is it wise to have fail2ban block 301 brute forces when you have http to https redirection enabled?

Recently my servers started getting bombarded by anonymous scanners/brute forces. This is what my nginx access.log looked like after the attacks: xxx.xxx.xxx.xxx - - [07/Sep/2019:23:30:16 +0200] "GET /phpMyAdmin/index.php HTTP/1.1" 404 548 "-"…
xperator
0 votes, 2 answers

Stopping SSH brute force from China - fail2ban not working

I see things like this in my /var/log/auth.log sshd[2173]: Unable to negotiate with 218.92.0.205 port 21029: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth] sshd[1964]: Unable to negotiate with 218.92.0.205 port 26342: no…
Woodstock
0 votes, 1 answer

IIS - Detecting Brute Force Logins and Password Spraying

TLDR; What techniques are being used to detect brute force logins and/or password spraying on IIS hosted websites (including SharePoint, OWA, etc.)? ModSecurity There are many tools for other operating systems to address this with the primary being…
phbits
0 votes, 1 answer

fail2ban filter matches no lines for xmlrpc attack

I'm trying to jail hosts that brute-force attack a web server, thereby creating (hundreds of) lines in /var/log/apache2/error.log of the form [Fri Feb 01 11:17:56.158739 2019] [:error] [pid 15870] [client 40.118.7.71:19920] script…
0 votes, 1 answer

Blocking "pokes" of our system

We get tons of these in our apache error log every day. [Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist: /var/www/html/phpmyadmin [Wed Oct 17 03:27:37 2018] [error] [client 103.41.124.159] File does not exist:…
0 votes, 1 answer

Block outside TCP requests from centos server

I have a CentOS server and use it to host web systems with LAMP. Server owners are complaining that we are sending abnormal TCP requests to an external server. How can we block these types of requests? Can we use an IPTABLE rule for this? Here is the log of…
Sathiska