Geeks With Blogs
Melissa Caddy

Here are a few of the many security options the WHM/cPanel has built in to protect your cPanel dedicated server:

With Brute force attacks, an attacker is enabled to run an automated app/script thus finding out account's password from a list of passwords (dictionary file). This helps in  determining what should be avoided from having weak passwords, safeguarding the systems. A weak password has less than 8 characters (in lower-case) having few consecutive numbers or some commonly used or identifiable words. Conversely, a strong password is one which won't be commonly used or identified elsewhere. It has different numbers, special characters, upper and lower case letters randomly used.

If you're using cPanel/WHM", cPHulk Brute Force Protection" system found in "Security Center" is useful. Based on IPs, timing, and failed login attempts, you are provided several easy-to-configure rules. Against most common brute force/DDoS/DoS attacks, DirectAdmin users are supposed to check "Administration Settings" at Admin Access level. Then only, they should go to next section i.e. Security Section for a similar configuration.

You can prevent more than 2 connections every minute to the SSH port(22) and can block host's IP address for 5 minutes by applying following rules:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT

iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force"

iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 300 --hitcount 3 --rttl --name SSH -j DROP

Secure Shell service is found to be most vulnerable to such attacks. Besides this, Email, FTP, IMAP Server etc. are also vulnerable to these attacks. Initiating many connections simultaneously causes low server productivity, enhanced resource usage, and lesser network capabilities despite using entirely secured passwords. This lies at the core of  Distributed Denial of Service (DDoS) attacks that cause system overloading, thereby leading to the system outage. "SSHGuard" is a useful app that tracks abusive activities by using logs from different services. It can be downloaded from this link:

Posted on Friday, August 21, 2015 6:35 AM protect server from Brute Force Attacks , server security , linux server security | Back to top

Related Posts on Geeks With Blogs Matching Categories

Comments on this post: How to protect server from Brute Force Attacks?

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Melissa Caddy | Powered by: