Brute-Force Attack

[dareksbs]

Hello,

Last week I install directadmin on my server, right now I got 1200 Brute-Force Attacks... What I have to setup on my server to block this attacks ?? iptables is not enough, because when I blocked one IP tomorrow will be another 10 new one. What software is the best for defense ?? Fail2ban ? CFS ?

 

[scsi]

What are the attacks on ssh or directadmin?

I always use cfs on all my servers.

http://help.directadmin.com/item.php?id=404

 

[dareksbs]

What are the attacks on ssh or directadmin?

I always use cfs on all my servers.

http://help.directadmin.com/item.php?id=404

I did this already, I setup everything to 10, and I still get lots of Brute-Force Attack. Any idea how I can stop it ??

 

[czotos]

Follow this guide:

http://help.directadmin.com/item.php?id=380

 

[zEitEr]

I did this already, I setup everything to 10, and I still get lots of Brute-Force Attack. Any idea how I can stop it ??

To completely stop Bruteforce attacks you should deny access to your server with firewall for IPs except yours. I guess that's not what you want; so there is no other way to stop attacks while your server is online and accessable world wide. All protection measures here are done as postponed. It means an attacker starts bruteforcing, a security software detects it and blocks an IP of attacker. If it's a botnet then every single IP might send 1-10 tries to authenticate, and hardly BFM can detect it with default settings. If the emails are irritating you might want to supress them: http://help.directadmin.com/item.php?id=549