Your Gateway To Digital Success
Wesbytes Blue Logo

Wesbytes Knowledge Base

Search our articles or browse by category below


Last modified: July 2, 2022
You are here:
Estimated reading time: 2 min


Brute-force attacks take place when an attacker tries to figure out every possible password combination and tests it against your website to determine if it’s a valid password. This can be accomplished by encrypting passwords into a secret value using dictionary terms or by attempting to deduce the key generated via key derivation functions.

Additionally, hackers employ a computer programme or script that automatically tries every combination of security holes in order to obtain access. Brute force attacks have grown in popularity as a way to get sensitive information held in databases and other web applications as computer technology becomes quicker and more capable of performing more computations per second.

Recognizing Brute-Force Attacks

Instead of the type, brute-force attacks can be identified by their volume. Your web logs will show a lot of unsuccessful login attempts. Additionally, you might notice the same account entering in repeatedly using several passwords and IP addresses.

Following is a list of logs to review:

Service Logs:

    • /var/log/maillog or /var/log/mail.log – Email service logs
    • /var/log/exim_mainlog – Exim logs
    • /var/log/messages – FTP logs
    • /var/log/auth.log or /var/log/secure – Contains user authorization information

cPanel/WHM Logs:

    • /usr/local/cpanel/logs
    • /var/log/lfd.log

You can check these logs either by command line or within WHM under the ConfigServer Security & Firewall (CSF) home page. Moreover, you can search (grep) system logs or watch (tail) system logs from there.

Defending Against Brute-Force Attacks

ConfigServer Security & Firewall with Login Failure Daemon

Most of our managed cPanel servers have ConfigServer Security & Firewall (CSF) enabled with iptables and Login Failure Daemon (LFD), a service built into CSF. LFD periodically checks for potential threats to a server. It looks for brute-force login attempts and if found, will block the IP address attempting to attack your server.


Additionally, you can activate cPHulk as an additional Brute-Force Detection technique. The cPanel and WHM logins, SSH logins, FTP logins, and IMAP/POP3 logins are all secured by the cPHulk security feature on cPanel servers. After too many unsuccessful attempts to log in from a single IP address, it will block IPs.

Security Best Practices

In addition to checking your logs and using LFD, there are additional security best practices you can implement to secure your server. Here is a list of these best practices which are linked to articles to help you secure your server:

    • Create a secure password
    • Require strong passwords
    • Set up alternate SSH users
    • Use SSH keys
    • Use reCaptcha for user registrations to help keep brute-force bots from being able to enter your site with fictional credentials
Was this article helpful?
Dislike 0
Views: 5