

how to prevent user using brute force on it account




Posted by xwing, 10-10-2008, 01:24 AM
I had this problem that a user of mine is using the account on my Linux VPS to do a brute-force login/pass exploit. Is there any way to prevent this?

Posted by ServerSurgeon Martin, 10-10-2008, 02:34 AM
Hi, you can use something like Logwatch and configure it to send emails to your mailbox. This will send emails with information about who tried brute-force or dictionary attacks and from where, and based on this you can take measures (block the account, deny connections from an IP that was doing this).

Posted by xwing, 10-10-2008, 09:43 AM
aight sweeet

Posted by eth1, 10-10-2008, 10:08 AM
You can also install firewall software such as CSF (www.configserver.com), which along with LFD (Login Failure Daemon) will block the IP address of the offending computer trying to brute force services such as POP3, SSH, IMAP etc.

Posted by activelobby4u, 10-10-2008, 10:10 AM
APF/BFD is still one of the widely used methods apart from CSF/LFD.

Posted by WeWatch, 10-10-2008, 10:27 AM
Do you know for sure it's one of your users? Could it be someone else using your VPS? Have you seen the logs?

Posted by psp7492, 10-10-2008, 10:51 AM
If you have already identified the user, why don't you ban the user?

Posted by xwing, 10-10-2008, 11:58 AM
The user has been banned and he admitted that it's just to test the program lol. I just want to avoid this kind of matter happening again with other users.

Posted by Sh3khar, 10-10-2008, 12:10 PM
I doubt any user on your VPS would be running such scripts. Such scripts are mostly uploaded under /tmp, /var/tmp, /dev/shm etc. You can check all the ongoing processes running on your server using the command

    ps -auxf

If the brute force is still going on, you will see the list of IPs the script is connecting to. Get the PID of that process from the 2nd column and search the files the process is accessing using the command

    lsof -p PID

Once you figure out the scripts, change the script permissions and kill the processes. Figuring out how the files were uploaded and securing your server accordingly is the next part.

Oops, I was posting at the same time as you figured out the client and posted your comments. However, the above commands will definitely help you to catch the user next time.

Regards.

Last edited by Sh3khar; 10-10-2008 at 12:13 PM. Reason: saw the client already figured out the user and posted his comments
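The check described in the post above (spotting processes that run out of /tmp, /var/tmp or /dev/shm), as an added example that is not part of the original thread: it walks /proc and reports every process whose executable or working directory sits in one of those directories. The function names and the optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): list processes whose binary or
# working directory is under a world-writable temp directory.

# Return 0 if the path is one of the temp locations named in the thread.
is_temp_path() {
    case "$1" in
        /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*) return 0 ;;
    esac
    return 1
}

# scan_temp_procs [PROC_ROOT]
# Prints: pid <TAB> owner <TAB> reason <TAB> exe <TAB> cwd
# PROC_ROOT defaults to /proc; the argument exists (an assumption of this
# example) so the scan can be pointed at a constructed test tree.
scan_temp_procs() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid="${dir##*/}"
        # Unreadable links (other users' processes when not root) become "".
        exe="$(readlink "$dir/exe" 2>/dev/null)" || exe=""
        cwd="$(readlink "$dir/cwd" 2>/dev/null)" || cwd=""
        # A binary removed after launch shows as "/path (deleted)".
        exe_path="${exe% (deleted)}"
        reason=""
        if is_temp_path "$exe_path"; then reason="exe"; fi
        if is_temp_path "$cwd"; then reason="${reason:+$reason,}cwd"; fi
        [ -n "$reason" ] || continue
        owner="$(stat -c %U "$dir" 2>/dev/null || echo '?')"
        printf '%s\t%s\t%s\t%s\t%s\n' "$pid" "$owner" "$reason" "$exe" "$cwd"
    done
}

# Usage: run as root so every process's links are readable, then follow up
# on each reported PID with `lsof -p PID` as described in the post:
#   scan_temp_procs
```

A hit on the working directory alone is only a lead, since legitimate software also uses these directories; the owner column shows which account to look at.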


