What is a Brute Force Attack?

Server security can be complex and time-consuming. Therefore, even if you are not responsible for your server’s security, it is a good idea to know security terminology. A brute force attack occurs when a hacker attempts to gain access to a dedicated server or VPS through a standard login service (SSH, mail server, FTP, etc.). Since they do not have the username and password to the account, they use software that tries to guess them.

There are three primary ways an attacker will try to gain access:

1. Manual login attempts. This involves an actual person choosing your server and attempting to guess the password.
2. Dictionary software attack. With this method, the attacker will have software that scans a file containing dictionary words and tries each one for your username and password.
3. Login generator. The attacker’s software will generate random usernames and passwords and try them.

Brute force hacking software is widely available, so the most common method is for the attacker to use automated software. Because of this, they are probably not specifically targeting your server, but rather scanning for any server that offers access (through SSH or other methods). You can check the secure logs (/var/log/secure in Linux) to see if your server has been subjected to brute force attempts.

You can prevent most attacks by using a strong password that does not contain dictionary words and by restricting the number of login attempts a user can make. You can also change your SSH port or use port knocking software, but these will not prevent more advanced hackers from gaining access.

More sophisticated attacks require more deliberate steps, such as banning IP addresses that try multiple logins and using brute force detection software. Unfortunately, even these may not be effective against attacks that hide behind several different IP addresses.
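
An added example (not part of the original article): a small Python check over sshd lines in the format written to /var/log/secure. It flags addresses with repeated failures, which are candidates for a ban, and also accounts that fail from many different addresses, the case where per-IP banning falls short. The sample log lines, thresholds and the function name `analyze` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the sshd format written to /var/log/secure.
# Addresses come from documentation ranges (RFC 5737); nothing here is real data.
SAMPLE_LOG = """\
Mar 10 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 03:14:03 host sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 03:14:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Mar 10 03:14:09 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
Mar 10 03:20:11 host sshd[2200]: Failed password for deploy from 198.51.100.1 port 51000 ssh2
Mar 10 03:20:40 host sshd[2201]: Failed password for deploy from 198.51.100.2 port 51001 ssh2
Mar 10 03:21:02 host sshd[2202]: Failed password for deploy from 198.51.100.3 port 51002 ssh2
Mar 10 03:21:30 host sshd[2203]: Failed password for deploy from 198.51.100.4 port 51003 ssh2
Mar 10 03:25:00 host sshd[2300]: Accepted password for alice from 192.0.2.10 port 52000 ssh2
Mar 10 03:26:00 host sshd[2301]: Failed password for alice from 192.0.2.10 port 52001 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def analyze(log_text, per_ip_limit=3, per_user_sources=3):
    """Return (noisy_ips, distributed_users) found in sshd log text."""
    fails_by_ip = Counter()
    sources_by_user = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        fails_by_ip[m["ip"]] += 1
        sources_by_user[m["user"]].add(m["ip"])
    # Single-source brute force: one address failing many times.
    noisy_ips = {ip: n for ip, n in fails_by_ip.items() if n >= per_ip_limit}
    # Distributed attempts: one account failing from many addresses, each of
    # which may stay under the per-IP limit and so escape an IP ban.
    distributed = {u: sorted(ips) for u, ips in sources_by_user.items()
                   if len(ips) >= per_user_sources}
    return noisy_ips, distributed

if __name__ == "__main__":
    ips, users = analyze(SAMPLE_LOG)
    print("ban candidates:", ips)
    print("accounts targeted from many sources:", users)
```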

Unfortunately, there is no foolproof way to prevent brute force attempts, but with the right configuration, you can stop attacks from being successful and hopefully limit the number of retry attempts and stress on server resources.










