cPanel WHM and Linux Hacking! - Page 2

webspacedepotcm · Post #16 (**permalink**) 12-29-2008, 01:10 PM

I am pretty sure you can have BFD block failed POP3 logins as well. It can be configured to block failed logins from nearly every service that logs it.

But unless they are logging in from a different IP every time, BFD should pretty much stop brute forcing in its tracks.

handsonhosting · Post #17 (**permalink**) 12-29-2008, 07:06 PM

dump APF and BFD - these are outdated scripts.

Download CSF from www.configserver.com. You can ratelimit the number of connections allowed etc. We stand by this script on hundreds of our servers.

We set our limits at 5 seccessive login failures, and it then temporarily blocks the IP number for 15 minutes (long enough for most Bruteforce attempts to move to a new server). If they get temporary blocked 4 times in a row, it permanently blocks the IP from further accesses to the server in question.

hzSari · Post #18 (**permalink**) 01-01-2009, 11:18 PM

CSF is a strong recommendation for server firewall, actually the APF, BFD and CSF all installed together would be the best choice.

handsonhosting · Post #19 (**permalink**) 01-01-2009, 11:27 PM

You CAN NOT run APF and BFD in conjunction with CSF. When you install CSF it will prompt you to uninstall APF & BFD. If you do not, you can end up with a highly crippled machine (if it will even function).

Have you ever tried to run all 3 together? It doesn't work

TopQHost · Post #20 (**permalink**) 01-20-2009, 07:08 AM

This kind of brute force attempt is pretty normal to expect. The best method is to change the ssh port entirely and install CSF. If you install csf however, be sure to go through each and every setting. Leaving it as-is will probably lead to locking yourself out of the server. If you really want to go secure, allow ssh access only from certain ips or using ssh keys only.

When it comes to other services such as email, hackers will use random emails and passwords also. Again, this is expected from a site that becomes popular on the internet. CSF does a good job of monitoring the logs under /var/log for any invalid attempts and blocking as necessary.

mfwl · Post #21 (**permalink**) 01-21-2009, 03:38 AM

Quote:

Originally Posted by TopQHost

This kind of brute force attempt is pretty normal to expect. The best method is to change the ssh port entirely and install CSF. If you install csf however, be sure to go through each and every setting. Leaving it as-is will probably lead to locking yourself out of the server. If you really want to go secure, allow ssh access only from certain ips or using ssh keys only.

When it comes to other services such as email, hackers will use random emails and passwords also. Again, this is expected from a site that becomes popular on the internet. CSF does a good job of monitoring the logs under /var/log for any invalid attempts and blocking as necessary.

After these attacks I chose SSH Keys. I couldn't believe how easy it was to set them up and get cpanel to verify the user.

Spot on!

HivelocityLB · Post #22 (**permalink**) 01-27-2009, 11:28 AM

I Highly recommend installing APF and BFD.
This should help in preventing such attacks in the future.