On This Page
Brute Force Attacks
Not a secret that Internet is very aggresive environment. Thouthands bots searches active servers and particular services on them and begin automatic brute-force attack to access the server, service or web site.
After active a new server it's enough about 1 day and Internet bots will start brute SSH, Wordpress, MySql, MongoDb and other services.
Definition
A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly.
Brute force can be used against known services (SSH, Mail Servers, etc) as well as business specific systems (brute force against your web system to access admin part or profile of another user).
Countermeasures
The best way to protect the system is to limit access to the service (SSH, FTP, Web Site Admin) on IP Address level.
Another approach to protect OS level known services (SSH, exim, MySql, Apache, nginx, etc.) on your servers is to use active protection software against bruteforce attacks like Fail2ban.
Refer to OWASP recommendations how to Block Brute Force attacks for web applications. For example, Dhound clients' dashboards are protected for example by showing Google CAPTCHA after particular number of failed login attempts.
See Also
- Installing Fail2ban (this resource)
- Test brute force protection (this resource)
- Brute force attack against Web App (OWASP)
- Testing for Web App Brute Force (OWASP-AT-004)
Published on Apr 12, 2017