Brute-Force Attack detected in service log

tomwin

Hi, I get a lot of Brute-Force Attacks on my ROOT and on DirectAdmin. Should I be worried? Why don’t these IPs get blocked? I can see that it’s the same IP addresses all the time.
I have default settings in my settings on Security Settings. Should I change anything?
 
Thank you for the options. I haven’t decided yet what I should do. I am a little bit scared to install a firewall and then maybe I can’t log in myself. I have started to check the Whois of the IP addresses and email the abuse@ address to report the brute force attack by their IP address. Hope they respond and block the use of the IP address that abuses. But maybe they don’t care.
 
In the install of csf it sets your IP of your current computer aka "what's my IP" in the Allow file. You should have some kind of KVM type backup with your Host or infrastructure provider as well. At a minimum, you open a support ticket and they will clear the block for you.

Also, don't wait long as Hackers will be hitting your box all day and start trying to move into the open house you are providing. We all have firewalls installed. Happy learning... Welcome, btw we are all here to help.
 
I am here referring to the company you bought your server at not the DirectAdmin company. More like the VPS or server company.
Oh, I see. I didn’t think about that. Thank you for the tips. I will get into this firewall installation first thing tomorrow morning. Not so good to start this on a Sunday evening if I do something wrong. I don’t think they will break into my hosting tonight.
 
Hi, I decided to choose the 3rd option here https://help.directadmin.com/item.php?id=527 but when I finished I got this. Did it work or did it not install it? Please have a look, someone.

Code:
wget http://files.directadmin.com/services/all/csf/csf_install.sh
--2020-04-27 00:02:57-- http://files.directadmin.com/services/all/csf/csf_install.sh
Resolving files.directadmin.com (files.directadmin.com)... 185.42.221.168, 104.128.54.74, 69.162.69.58
Connecting to files.directadmin.com (files.directadmin.com)|185.42.221.168|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3434 (3.4K) [text/plain]
Saving to: ‘csf_install.sh.1’

csf_install.sh.1 100%[====================================================================================================>] 3.35K --.-KB/s in 0s

2020-04-27 00:02:57 (318 MB/s) - ‘csf_install.sh.1’ saved [3434/3434]

[root@server-***** ~]# /bin/sh ./csf_install.sh
--2020-04-27 00:02:59-- https://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 94.130.90.175
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2076517 (2.0M) [application/x-gzip]
Saving to: ‘csf.tgz’

csf.tgz 100%[====================================================================================================>] 1.98M --.-KB/s in 0.06s

2020-04-27 00:02:59 (32.6 MB/s) - ‘csf.tgz’ saved [2076517/2076517]

open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -j ACCEPT failed: No such file or directory at ./csftest.pl line 144.
Testing ip_tables/iptable_filter...open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -j ACCEPT failed: No such file or directory at ./csftest.pl line 144.

CSF test did not pass. Will not continue
 
Looks like you don't have iptables installed.

What Linux distro are you using? If CentOS, try

Code:
yum install iptables ipset
 
And what do I do now after it is installed, no need for more settings? This CSF does it automatically by itself, or?
 
Log in as Admin.
Go to the Extra Feature section. Do you see a plugin item called Configure server firewall?
 
Code:
yum install perl-LWP-Protocol-https perl-Crypt-SSLeay perl-Sys-Syslog
You may want to make sure these are installed as well
 
Log in as Admin.
Go to the Extra Feature section. Do you see a plugin item called Configure server firewall?
Yes, now I got it installed and I can see it in extras and under ConfigServer Security & Firewall
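
The install failure in this thread (csftest.pl could not exec /sbin/iptables) can be caught before running csf_install.sh. The following preflight check is an added example, not part of the thread, csf or DirectAdmin; the function names, the directory list and the mapping from the suggested yum packages to Perl module names are assumptions.

```shell
#!/bin/sh
# Added example: check the CSF prerequisites named in this thread
# (iptables, ipset, perl and three Perl modules) before installing.
DEFAULT_DIRS="/sbin /usr/sbin /bin /usr/bin"   # assumption: usual CentOS paths

# find_bin NAME [DIRS]: print the first executable NAME found in DIRS.
find_bin() {
    for d in ${2:-$DEFAULT_DIRS}; do
        if [ -f "$d/$1" ] && [ -x "$d/$1" ]; then
            printf '%s\n' "$d/$1"
            return 0
        fi
    done
    return 1
}

# csf_preflight [DIRS]: one line per check; exit status = number missing.
csf_preflight() {
    pf_dirs=${1:-$DEFAULT_DIRS}
    pf_missing=0
    for pf_bin in iptables ipset perl; do
        if pf_path=$(find_bin "$pf_bin" "$pf_dirs"); then
            echo "ok       $pf_bin ($pf_path)"
        else
            echo "MISSING  $pf_bin"
            pf_missing=$((pf_missing + 1))
        fi
    done
    # Modules provided by the packages suggested in the thread:
    # perl-LWP-Protocol-https, perl-Crypt-SSLeay, perl-Sys-Syslog
    if pf_perl=$(find_bin perl "$pf_dirs"); then
        for pf_mod in LWP::Protocol::https Crypt::SSLeay Sys::Syslog; do
            if "$pf_perl" -M"$pf_mod" -e 1 2>/dev/null; then
                echo "ok       perl module $pf_mod"
            else
                echo "MISSING  perl module $pf_mod"
                pf_missing=$((pf_missing + 1))
            fi
        done
    else
        echo "skipped  perl module checks (no perl found)"
    fi
    return "$pf_missing"
}
# Usage: csf_preflight && /bin/sh ./csf_install.sh
```

A non-zero exit status is the number of missing items, so the installer only runs when every check passes.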
 