While someone might not be targeting your site or server specifically, they will have automated tools that will try to guess random usernames and passwords that are common against your system. They’re essentially forcing their way to user only authorized area’s of a system, such as FTP accounts, e-mail accounts, databases, script based administration areas and root or any shell access are most common attempts.
They will try multiple login attempts, guessing usernames and passwords, trying to force their way onto your machine. We can see how Brute force attacks main service daemons such as ftp and shell.
Hackers can try to get into your system using a few different methods:
1) Manual login attempts, they will try to type in a few usernames and passwords.
2) Dictionary based attacks, automated scripts and programs will try guessing thousands of usernames and passwords from a dictionary file, sometimes a file for
usernames and another file for passwords.
3)Generated logins, a cracking program will generate random usernames set by the user. They could generate numbers only, a combination of numbers and letters or
other combinations.
How to identify if it is Brute force attack:
You can easily spot a brute force attempt by checking your servers log files. You will see a series of failed login attempts for the service they’re trying to break into.
# tail –f /var/log/secure
How to prevent a brute force attack:
There are a few main ways to stop a brute force attack:
1) restricting the amount of login attempts that a user can perform
2) banning a users IP after multiple failed login attempts
3) keep a close eye on your log files for suspicious login attempts
Tools to stop and prevent brute force hack attempts:
1) Never enable demo or guest accounts as they will be the first way an attacker will get access into your system and further exploit it.
2) Never have more than one user in the root group.
3)APF & BFD (rfxnetworks.com)
There are many different tools you can use to prevent and stop brute force hackers. The two of them we’ll focus on in this article are APF firewall and BFD (brute force detection) developed by rfxnetworks.
4)LogWatch (logwatch.org)
LogWatch is highly recommended tool that sends you daily reports of system activity including disk space, failed login attempts and much more. If you have a Cpanel server LogWatch *should* be installed by default.