Preventing Brute Force Attacks
Blocking and preventing brute force attacks is one of the main things you want to do on your web server to add a layer of security. While someone might not be targeting your site or server specifically, they will have automated tools that try to guess common usernames and passwords against your system. They're essentially forcing their way into areas of a system meant only for authorized users; FTP accounts, e-mail accounts, databases, script-based administration areas, and root or other shell access are the most common targets. They will make multiple login attempts, guessing usernames and passwords, trying to force their way onto your machine.


How the brute force attack works
Hackers can try to get into your system using a few different methods.

1) Manual login attempts: they will try typing in a few usernames and passwords.

2) Dictionary-based attacks: automated scripts and programs will try guessing thousands of usernames and passwords from a dictionary file, sometimes with one file for usernames and another file for passwords.

3) Generated logins: a cracking program will generate random usernames according to rules set by its user. It could generate numbers only, a combination of numbers and letters, or other combinations.

Signs of a brute force attempt
You can easily spot a brute force attempt by checking your server's log files. You will see a series of failed login attempts for the service they're trying to break into.

# pico /var/log/secure
or
# tail -f /var/log/secure

Check for failed login attempts such as:
Apr 11 19:02:10 fox proftpd[6950]: yourserver (usersip[usersip]) - USER theusername (Login failed): Incorrect password.
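
Reading the log by eye does not scale once the file grows. The Python script below is an added example, not part of the original article: it counts failed proftpd logins per source address, using the line format shown above, and lists the addresses at or over a threshold. The sample log lines, the addresses and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Failure format shown above:
#   ... proftpd[PID]: SERVER (RHOST[RIP]) - USER NAME (Login failed): REASON
FAILED = re.compile(
    r"proftpd\[\d+\]: \S+ \((?P<rhost>[^\[\]]*)\[(?P<ip>[^\]]+)\]\)"
    r" - USER (?P<user>\S+) \(Login failed\)"
)

def failed_logins(lines):
    """Return {source_ip: {"count": n, "users": set of usernames tried}}."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if m:  # anything that is not a proftpd failure is ignored
            entry = stats[m.group("ip")]
            entry["count"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)

def suspects(lines, threshold=3):
    """Source IPs with at least `threshold` failures, most active first."""
    hits = [
        (ip, s["count"], sorted(s["users"]))
        for ip, s in failed_logins(lines).items()
        if s["count"] >= threshold
    ]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE = """\
Apr 11 19:02:10 fox proftpd[6950]: yourserver (203.0.113.7[203.0.113.7]) - USER admin (Login failed): Incorrect password.
Apr 11 19:02:12 fox proftpd[6951]: yourserver (203.0.113.7[203.0.113.7]) - USER root (Login failed): Incorrect password.
Apr 11 19:02:13 fox proftpd[6952]: yourserver (203.0.113.7[203.0.113.7]) - USER test (Login failed): Incorrect password.
Apr 11 19:02:15 fox proftpd[6953]: yourserver (203.0.113.7[203.0.113.7]) - USER admin (Login failed): Incorrect password.
Apr 11 19:05:40 fox proftpd[6960]: yourserver (198.51.100.20[198.51.100.20]) - USER alice (Login failed): Incorrect password.
Apr 11 19:05:52 fox proftpd[6960]: yourserver (198.51.100.20[198.51.100.20]) - USER alice: Login successful.
Apr 11 19:06:01 fox sshd[7001]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, count, users in suspects(SAMPLE):
        print(f"{ip}: {count} failed logins, usernames tried: {', '.join(users)}")
```

To run it against a real log, pass `open("/var/log/secure")` to `suspects()` in place of `SAMPLE`. A single address failing against several different usernames within seconds is the pattern to look for; one failure followed by a success from the same address is usually a mistyped password.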


How to prevent a brute force attack
There are a few main ways to stop a brute force attack that we'll cover:

1)