how to stop brute force attack

I

Iskandar

Verified User
Joined
Aug 19, 2020
Messages
98
Dear..
How to stop brute force attack that often appears hundreds of times even though it is declared failed to login.
in setting administration we have limited 2 times
thanks for the help

--------------
A brute force attack has been detected in one of your service logs.

User user has 104 failed login attempts: sshd4=104

Check 'Admin Level -> Brute Force Monitor' for more information

Securing DirectAdmin | Directadmin Docs

DirectAdmin Knowledge Base
help.directadmin.com
 
Doesn't the firewall block the ip?
You can't stop attemts, they will always happen. Over some periods of times it can be weeks of hundreds or thousends and then suddenly it's rather quiet for some time again.

As for SSH... start with changing the port number, you will at least have more peace in the logs about ssh attacks if port 22 is not used anymore.
 
Richard G said:
Good link. This is nowadays automatically done in DA when DA is installed by default. So it might already be working for some.
Click to expand...
Is not working "nowadays", I tested and is not blocking anything. After I did that page was working. Still for me being a developer all the DA documentation is very confuse.

Regards,
George B.
 
rowebca said:
Is not working "nowadays", I tested and is not blocking anything.
Click to expand...
By you tested, you meant doing fresh installation with ./setup.sh auto and this did not work as should be?
That would be very odd, because for others it is working as far as I know.

However it doesn't matter, because like I said, it's a good link and one can always use that if it's not working by default.
Poralix (Zeiter on the forums here) made some very nice manuals.
 
To show you one of many examples of confusion, I updated Apache an after if I access the hostname (https://host.domain.tld) shows: "Apache is functioning normally" not like was before "Nginx is functioning normally", so now it is Nginx working properly? Or no?
Many things like this, like Config Server Firewall with or without "auto" option when I installed DA, if I see CSF in my admin panel (Extra Features) and CSF is not on "test", it should be automatically configured with BFA. To going back to my example with "Nginx is functioning normally" I had to reinstall (build) "nginx_apache" to go back from "Apache is functioning normally" to normal "Nginx is functioning normally". One more thing, the update was done inside Admin panel with custombuild, not from command line. So, please explain this to me, make no sense for me.

PS. I don't know why when I see your picture with that dog, it reminds me about past...maybe from another forum. :)

Regards
George B.
 
Hello George.
Well.. this is my youngest dog, but I like the picture with the spooky eyes. Never had used it on other forums though so might be somebody else with a similar dog. :)

As for your issues with Apache and Nginx, I don't know, sometimes that happens, however....
rowebca said:
the update was done inside Admin panel with custombuild, not from command line.
Click to expand...
As this should work as good as via commandline, it happens that this is not always the case. It makes live easier for somebody who wants it, but I never use that. I've also encountered once that via custombuild something did not work or not good and via console there was no issue. After a fix and an update of the custombuild plugin, it worked fine again.
I don't want to run into things which could or might be caused by a plugin, so thats why I'm doing every update via console. Benefit of that is that I instantly seen if something is going wrong and that it's indeed some real issue and not something caused by the plugin.
I'm not saying this was the cause at your server too, maybe, maybe not. Hard to say.

As for the examples you say, well... once a while we see these on the forums, but mostly not, which would made my opinion stronger that on most systems these things work well.
But we see strange things happening, where some people have issues with something, and others don't. For example take the apache 2.5.0 and 2.5.2 issue, where now 2.5.1 is set back as the latest update, because of the issue.
If I could explain it, I would love it, but I can't. It's just sometimes things happen on some servers which aren't easily explained.
 
penuh terinspirasi.

tehnologi akan selalu berkembang menuju hasil yang lebih baik.

gbu
 
Oh yes.. i'm sorry...

full of inspiration.

technology will always evolve towards better results.

gbu
 
Richard G said:
Hello George.
Well.. this is my youngest dog, but I like the picture with the spooky eyes. Never had used it on other forums though so might be somebody else with a similar dog. :)

As for your issues with Apache and Nginx, I don't know, sometimes that happens, however....

As this should work as good as via commandline, it happens that this is not always the case. It makes live easier for somebody who wants it, but I never use that. I've also encountered once that via custombuild something did not work or not good and via console there was no issue. After a fix and an update of the custombuild plugin, it worked fine again.
I don't want to run into things which could or might be caused by a plugin, so thats why I'm doing every update via console. Benefit of that is that I instantly seen if something is going wrong and that it's indeed some real issue and not something caused by the plugin.
I'm not saying this was the cause at your server too, maybe, maybe not. Hard to say.

As for the examples you say, well... once a while we see these on the forums, but mostly not, which would made my opinion stronger that on most systems these things work well.
But we see strange things happening, where some people have issues with something, and others don't. For example take the apache 2.5.0 and 2.5.2 issue, where now 2.5.1 is set back as the latest update, because of the issue.
If I could explain it, I would love it, but I can't. It's just sometimes things happen on some servers which aren't easily explained.
Click to expand...

Like you, I like more from command line to execute than from app. I am a developer and when I build something for my customers I won't sell it until is check, re-check and well documented so my clients won't ask me anything about how-to (probably I am old fashion and a perfectionist). There is no such things like "strange happening" just bugs, my opinion again. But you are more optimistic that I am :)

Thanks.

Regards,
George B.
 
rowebca said:
There is no such things like "strange happening" just bugs, my opinion again.
Click to expand...
Well I don't know how many years you are in hosting now, but I thought the same as you did. Until I encountered some strange happenings over the years, no bugs, unexplainable, sometimes gone as quickly as it came. Or sometimes gone after a reboot and never came back. Maybe that made me a bit more optimistic. :)
But for the most... I agree with you, most things are leaks or bugs and often I too dug into it until I find a fix, not a workaround. Also old fashened and bit of a perfectionist.
 
Richard G said:
Well I don't know how many years you are in hosting now, but I thought the same as you did.
Click to expand...
I am in webhosting since 2003, and before I worked in IT back in Europe, working on Internet security, and funny thing I started in 2003 with free webhosting that for me being paranoid security developer was a lot of action. :) I don't really like to post a lot, "more quit you are more you can listen". :)

Regards,
George B.
 
Oh 2003, that's longer than me when looking at hosting at least. :)
I don't judge people mostly on their posts anyway but sometimes I get doubts looking at the combination of join date and post amount, which also does not always mean anything. But makes me curious.

However still.... then I'm wondered that you never encountered strange happenings. But there is still time. ;)
 
You must log in or register to reply here.
Back
Top