Brute force attack protection can be quite simple if the nature of the attack is well understood. Since this is one of the most common online intrusion methods into cloud servers, let’s explore brute force attack into greater depth for your infrastructure security, as well as considering a free and useful tool for brute force attack protection!

1. What is a brute force attack?

Put simply, it is a trial-and-error method of keep guessing the password to a website, email service, or any password-protected applications in an attempt of getting the correct password and login to the service.

2. Where is brute force attack usually carried out?

Brute force attack can be as simple as you have forgotten a password therefore you have to try several times with a few password combinations that you usually use – your personal luggage, access door, Windows login screen, to name a few. Of course, in cloud server environment, these are usually the target and they are carried out by programs that test the password from a dictionary list, at high speed/frequency:

• Secure Shell (SSH) or Remote Desktop
• Website administrator login, such as WordPress or Magento administrator login page
• Email service, through email client or webmail
• Databases

3. How can brute force be prevented?

Since we understand how brute force attack is carried out, it is evident that an effective way to carry out brute force attack protection is to automatically deny an access after several failed login attempts. Most software will have a “cooling period” whereby if you failed to login with several guessed password, you will have to wait for a couple of minutes before you can try again.

On cloud environment, the “cooling period” is effective an IP deny list. A good brute force protection software will recognise the attack pattern across multiple services or ports and deny the IP address automatically after several failed attempt. The IP deny list is then a consolidated IP addresses that allow you to review for permanent blacklist, remove those accidentally blocked ones (such as yourself) or if you do nothing to it, it will be flushed after a couple of days.

4. ConfigServer Firewall Login Failure Daemon

If you wish to protect yourself from brute force attacks on Linux cloud servers, check out a good software firewall by ConfigServer. Its Login Failure Daemon (lfd) offers great protection against brute force attack. And yes, nothing beats free software!

SecureAX is a cloud computing provider with a strong niche in cloud security. Be sure to check out our Linux Cloud Server or cPanel & Directadmin Cloud Server which are pre-installed with ConfigServer Firewall, in addition to other useful tools and server hardening techniques to protect your applications on the cloud. Contact us to discuss your requirements with us today!