Hosting Discussion

Hosting Discussion (https://www.hostingdiscussion.com/)
-   Web Hosting Discussion (https://www.hostingdiscussion.com/web-hosting-discussion/)
-   -   What is a brute force attack? (https://www.hostingdiscussion.com/web-hosting-discussion/64568-what-brute-force-attack.html)


breeze_host 08-20-2017 11:59 PM

What is a brute force attack?
 
What is a brute force attack? How can we prevent it on the server?

Please share your views :)

RH-Calvin 08-21-2017 02:21 AM

According to Google - Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

SenseiSteve 08-21-2017 01:28 PM

Strange question coming from a provider that sells everything from shared to dedicated and cloud services. In addition to RH-Calvin's response, for WordPress you could install the WordFence plugin to help.

24x7server 08-21-2017 11:28 PM

If you've cPanel installed on the server then you can enable cPHulk Brute Force Protection setting in WHM.

easyhostmedia 08-22-2017 06:04 AM

A brute force attack can just be a case of too many login attempts, and you get locked out of the server.

How have you managed to operate a hosting business since 2009 and not know about Brute Force?

prathyusha 08-22-2017 12:48 PM

A large number of bots, or something similar from a piece of software, trying to log in to or bypass your site logins is brute force.

HostingMachines 10-01-2017 05:57 PM

Quote:

Originally Posted by SenseiSteve (Post 224208)
Strange question coming from a provider that sells everything from shared to dedicated and cloud services. In addition to RH-Calvin's response, for WordPress you could install the WordFence plugin to help.

All port-based brute force attacks are shut down by the firewall. WaP firewalls do help WordPress etc., but they work from a database which is written to with each attack, so I don't recommend them.

LFD using regex rules to detect xmlrpc attacks and similar is best, IMO.

VPS9.net 10-03-2017 05:22 AM

Brute force is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force).
Brute force can be prevented by the following steps:
Reducing the surface area
Not being predictable
Safeguarding with a security shield

pixelhosts 10-04-2017 01:10 PM

Quote:

Originally Posted by RH-Calvin (Post 224184)
According to Google - Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

What he said lol ^^

In layman's terms, it's where someone uses a piece of software to try and crack your password, where the software will attempt many different strings in a short amount of time.

Eric Thomas 10-08-2017 12:21 AM

A brute force attack is a trial and error attempt to guess a password by trying all possible combinations of characters. If it's a form or login attack, you can enable a captcha to protect the forms from these types of attacks. For SSH, you can have the SSH port changed to a custom one.

hostioo 10-08-2017 12:59 PM

Brute force also known as brute force cracking is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

easyhostmedia 10-08-2017 01:51 PM

Quote:

Originally Posted by hostioo (Post 225063)
Brute force also known as brute force cracking is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

Not really. Any host can be locked out of their own servers if they have Brute Force enabled, as all it means is that someone (it could be you) has made too many failed login attempts.

Evolution Host 12-10-2017 03:03 PM

I'm assuming that we're considering brute force attacks against a service running on the internet. Offline cracking against a dump of stolen passwords which are hashed is another topic! Nonetheless, here's my take on online attacks:

Usernames and Passwords
In terms of prevention/protection for brute force attacks, your first port of call should of course be secure passwords. Most brute force attacks will involve the use of a "dictionary", sometimes known as a "dictionary attack", wherein the attacker will use a list of commonly used words that are then "mangled". The idea being that a password such as secur3P4sswrd1234 would quickly be guessed since it consists of the words "secure" and "password" with various mangling applied. As long as you avoid common passwords and easily guessed passwords such as those derived from personal information that you may have posted online, you're off to a good start. It also helps to avoid default usernames such as "root", as the attacker would then also have to guess or find the username. If you're running an SSH server on a common port, it's likely that "sudo lastb | head" will show lots of failed login attempts for usernames like "admin", "root" etc. due to SSH worms that will randomly attack your server.

Securing the service
Since brute force attackers rely upon the ability to try many passwords within a short space of time, we can almost entirely eliminate the risks by slowing down authentication attempts. The most common approach is to place a temporary block on the IP address or account after a set number of failed authentication attempts take place.

You could build this functionality into your applications, or if you have terminal/SSH access to your server and wish to secure existing software, fail2ban is a great tool. It's essentially a log monitor that can automatically block an IP address after a defined number of failed login attempts. It supports software such as OpenSSH, various FTP servers and various web servers out of the box.

Assuming that your passwords are strong, this strategy goes a long way towards securing your server and may even reduce the load on the server by blocking lots of junk requests.

If you're still concerned about the extremely small chance that an attacker could guess the correct password, or are concerned that given a long time (many months/years) the attacker could still succeed, password rotation and IP whitelisting can mitigate this risk.
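The log-monitor logic described in the post above (and the LFD regex rules HostingMachines mentions earlier in the thread for xmlrpc.php) comes down to the same thing: a regex that pulls the attacking IP and timestamp out of each failed-login line, a sliding window of recent failures per IP, and a ban once the count in that window reaches a threshold. The following is an added example written for this thread, not fail2ban's, LFD's or the poster's own code. The sshd and access-log lines are constructed samples using documentation IP ranges; the option names maxretry, findtime and bantime follow fail2ban's jail vocabulary, and the year 2017 is assumed because syslog timestamps carry none.

```python
"""Fail2ban-style sliding-window ban logic run over constructed log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog format); not from a real host.
SSHD_LOG = """\
Dec 10 14:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Dec 10 14:00:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Dec 10 14:00:04 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51241 ssh2
Dec 10 14:00:06 host sshd[1204]: Failed password for root from 203.0.113.7 port 51250 ssh2
Dec 10 14:00:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 51260 ssh2
Dec 10 14:00:10 host sshd[1206]: Accepted publickey for deploy from 198.51.100.5 port 40000 ssh2
Dec 10 14:00:12 host sshd[1207]: Failed password for deploy from 198.51.100.5 port 40001 ssh2
Dec 10 14:20:00 host sshd[1208]: Failed password for deploy from 198.51.100.5 port 40002 ssh2
"""

# Constructed sample web-server access log lines for the WordPress xmlrpc.php case.
ACCESS_LOG = """\
203.0.113.9 - - [10/Dec/2017:14:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2017:14:05:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2017:14:05:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Dec/2017:14:05:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2017:14:05:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
"""

# "failregex" for each jail: named groups for the timestamp and the attacking IP.
SSHD_FAIL = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)"
)
XMLRPC_FAIL = re.compile(
    r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /xmlrpc\.php[ ?]'
)


def parse_syslog_time(ts, year=2017):
    # syslog lines carry no year; the sample assumes 2017.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def parse_clf_time(ts):
    # Common Log Format timestamp, e.g. 10/Dec/2017:14:05:00 +0000
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def scan(log_text, failregex, parse_time, maxretry, findtime):
    """Return {ip: time_of_ban} for each IP with >= maxretry failures inside findtime seconds.

    Lines are assumed to be in chronological order, as they are in a log file
    being tailed. Only the first ban per IP is recorded.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = failregex.search(line)
        if not m:
            continue  # successful logins and unrelated lines never count
        ip, ts = m.group("ip"), parse_time(m.group("ts"))
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # expire failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry and ip not in bans:
            bans[ip] = ts
    return bans


def still_banned(bans, ip, now, bantime):
    """True while the ban placed on ip is less than bantime seconds old."""
    return ip in bans and bans[ip] <= now < bans[ip] + timedelta(seconds=bantime)


def ssh_bans():
    # 5 failures within 10 minutes bans the IP (fail2ban's default maxretry/findtime).
    return scan(SSHD_LOG, SSHD_FAIL, parse_syslog_time, maxretry=5, findtime=600)


def xmlrpc_bans():
    # xmlrpc.php is hammered much faster than an interactive login, so a tighter window.
    return scan(ACCESS_LOG, XMLRPC_FAIL, parse_clf_time, maxretry=3, findtime=60)


if __name__ == "__main__":
    for jail, bans in (("sshd", ssh_bans()), ("xmlrpc", xmlrpc_bans())):
        for ip, when in bans.items():
            print(f"[{jail}] ban {ip} at {when.isoformat()}")
```

Run against the sample above, 203.0.113.7 is banned at the fifth failure (14:00:09) while 198.51.100.5 is not, because its two failures are twenty minutes apart and the first has expired from the window; 203.0.113.9 is banned on its third xmlrpc.php POST. The real fail2ban expresses exactly these knobs as maxretry, findtime and bantime in a jail and the regex as failregex in a filter, with the ban normally enforced by a firewall rule; what the script above leaves to the firewall is the actual blocking.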

MikeDVB 12-12-2017 09:00 AM

Quote:

Originally Posted by easyhostmedia (Post 225070)
Not really. Any host can be locked out of their own servers if they have Brute Force enabled, as all it means is that someone (it could be you) has made too many failed login attempts.

What you quoted and then said "Not really," to was pretty much the definition of a brute force attack - so I'm not sure what you're saying not really to.

Sure - the company themselves could get locked out by brute force detection - but if that happens and they have no way around it I'm not sure I'd entirely trust them to properly run and manage their infrastructure.

There's always a way in, such as console access via VPN. It would be odd for a provider remote from its hardware not to have console access.

What was it that you were saying "Not really," to?

alpshost1 12-13-2017 06:45 AM

Brute force is simply a method of cracking personal information such as passwords, or, we could say, of decoding encrypted data.

