Knowledgebase

Portal Home > Knowledgebase > Articles Database > brute force security help


brute force security help




Posted by bambinou, 08-18-2009, 01:59 PM
Hello, I have a dedicated server running red hat, I have noticed in the WHM panel that there is a brute force software that only works for all the logins linked to the server cpanel/WHM. In my future website in PHP I will have 5 different types of logins, do you know a free software my web developers could link to each logins in order to protect them against password crakers/brute force attacks? Something easy to install. Many Thanks, BamBam
Posted by smajer, 08-18-2009, 09:28 PM
Hello, CPHulk shoud be able to do it for various services: http://www.thewebhostinghero.com/tutorials/cphulk.html
Posted by bambinou, 08-19-2009, 03:39 AM
Thanx mate, I am going to have a look at it now Regards, BamBam
Posted by abdicar, 08-30-2009, 10:05 PM
CPHulk works perfecly for us.
Posted by bambinou, 08-31-2009, 03:27 AM
Do you know anywhere a good tutorial in order to install CPhulk in a php website rather than in wmh or cpanel? Many Thanks, BamBam
Posted by JoJoKinkaid, 09-01-2009, 12:46 AM
Brute force never worked for us for the application you describe.
Posted by bambinou, 09-01-2009, 05:25 AM
ok I got a little trick from the server provider Some guys from the server support told me to password protect the page I wanted to secure, not the full directory but only a single file by adding a .htpasswd file with md5 encrypted code and this code on the .htaccess: order deny,allow #deny from all allow from 333.333.333.333 allow from 111.222.333.333 AuthName "Please Login" AuthType Basic AuthUserFile /home/mysite/public_html/.htpasswd Require valid-user By having this, I and my programmers(living in a different country) can access the site admin panel, now by password protecting the site this way,apparently a log will be created each time a user logs in, the brute force software then anaylise all the server logs every(whatever time it is set at), if it sees an ip trying to access this protected page many time,the brute force will then kick this ip out. This is a great method to protect your admin site page apparently. so now I have to login page, one password protected by the .htpasswd and then my own admin login page, if the guys can pass through both then he is a kind of god......


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Need Suggestions ASAP (Views: 479)
Why does Apache show an index of wp-content/uploads? (Views: 506)
As a reseller would you rather: (Views: 481)
need reseller windows (Views: 479)
port scanning by Amazon Web Services (Views: 457)

Language: