What is a BRUTE-FORCE ATTACK?
Brute-force attacks take place when an attacker tries to figure out every possible password combination and tests it against your website to determine if it’s a valid password. This can be accomplished by encrypting passwords into a secret value using dictionary terms or by attempting to deduce the key generated via key derivation functions.
Additionally, hackers employ a computer programme or script that automatically tries every combination of security holes in order to obtain access. Brute force attacks have grown in popularity as a way to get sensitive information held in databases and other web applications as computer technology becomes quicker and more capable of performing more computations per second.
Recognizing Brute-Force Attacks
Instead of the type, brute-force attacks can be identified by their volume. Your web logs will show a lot of unsuccessful login attempts. Additionally, you might notice the same account entering in repeatedly using several passwords and IP addresses.
Following is a list of logs to review:
Service Logs:
- /var/log/maillog or /var/log/mail.log – Email service logs
- /var/log/exim_mainlog – Exim logs
- /var/log/messages – FTP logs
- /var/log/auth.log or /var/log/secure – Contains user authorization information
cPanel/WHM Logs:
- /usr/local/cpanel/logs
- /var/log/lfd.log
You can check these logs either by command line or within WHM under the ConfigServer Security & Firewall (CSF) home page. Moreover, you can search (grep) system logs or watch (tail) system logs from there.
Defending Against Brute-Force Attacks
ConfigServer Security & Firewall with Login Failure Daemon
cPHulk
Additionally, you can activate cPHulk as an additional Brute-Force Detection technique. The cPanel and WHM logins, SSH logins, FTP logins, and IMAP/POP3 logins are all secured by the cPHulk security feature on cPanel servers. After too many unsuccessful attempts to log in from a single IP address, it will block IPs.
Security Best Practices
In addition to checking your logs and using LFD, there are additional security best practices you can implement to secure your server. Here is a list of these best practices which are linked to articles to help you secure your server:
- Create a secure password
- Require strong passwords
- Set up alternate SSH users
- Use SSH keys
- Use reCaptcha for user registrations to help keep brute-force bots from being able to enter your site with fictional credentials
