{"id":30083,"date":"2021-01-18T03:09:35","date_gmt":"2021-01-17T19:09:35","guid":{"rendered":"https:\/\/web.mwwsb.com.my\/pjci\/?post_type=kb&#038;p=30083"},"modified":"2022-09-08T21:36:28","modified_gmt":"2022-09-08T13:36:28","slug":"what-is-a-brute-force-attack","status":"publish","type":"kb","link":"https:\/\/www.casbay.com\/guide\/kb\/what-is-a-brute-force-attack","title":{"rendered":"What is a BRUTE-FORCE ATTACK?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"30083\" class=\"elementor elementor-30083\" data-elementor-post-type=\"kb\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-537f234 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"537f234\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8c9b101\" data-id=\"8c9b101\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4ad2614 elementor-widget elementor-widget-heading\" data-id=\"4ad2614\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is a BRUTE-FORCE ATTACK?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0f9156c elementor-widget elementor-widget-text-editor\" data-id=\"0f9156c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p data-aura-rendered-by=\"12:206;a\">Brute-Force Attacks occur <strong>when an attacker attempts to calculate every possible combination that could make up a password and test against your site<\/strong> to see if it is a correct password. This can be done either by <strong>using dictionary words or trying to guess the key<\/strong> created by key derivation functions to encrypt passwords into a secret value.<\/p><p data-aura-rendered-by=\"12:206;a\">In addition, attackers use a computer program or script, which automatically attempts all possible combinations to gain access. As computer hardware becomes faster and capable of doing more calculations per second, brute force attacks have become more popular as a means to obtain sensitive information stored in databases and other web applications.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3597d65 elementor-widget elementor-widget-heading\" data-id=\"3597d65\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Recognizing Brute-Force Attacks<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-97aeb37 elementor-widget elementor-widget-text-editor\" data-id=\"97aeb37\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p data-aura-rendered-by=\"12:206;a\">Brute-force attacks are detectable by their volume, rather than the type. You\u2019ll notice a large amount of failed login attempts in your web logs. You may also see the same account logging in over and over with different passwords and from multiple IP addresses.<\/p><p data-aura-rendered-by=\"12:206;a\">Here is a list of logs to check:<\/p><p data-aura-rendered-by=\"12:206;a\"><strong>Service Logs:<\/strong><\/p><ul><li style=\"list-style-type: none;\"><ul data-aura-rendered-by=\"12:206;a\"><li>\/var\/log\/maillog or \/var\/log\/mail.log \u2013 Email service logs<\/li><li>\/var\/log\/exim_mainlog \u2013 Exim logs<\/li><li>\/var\/log\/messages \u2013 FTP logs<\/li><li>\/var\/log\/auth.log or \/var\/log\/secure \u2013 Contains user authorization information<\/li><\/ul><\/li><\/ul><p data-aura-rendered-by=\"12:206;a\"><strong>cPanel\/WHM Logs:<\/strong><\/p><ul><li style=\"list-style-type: none;\"><ul data-aura-rendered-by=\"12:206;a\"><li>\/usr\/local\/cpanel\/logs<\/li><li>\/var\/log\/lfd.log<\/li><\/ul><\/li><\/ul><p data-aura-rendered-by=\"12:206;a\">You can check these logs either by command line or within WHM under the <strong>ConfigServer Security &amp; Firewall (CSF)<\/strong> home page. Moreover, you can search (grep) system logs or watch (tail) system logs from there.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b3f9cb3 elementor-widget elementor-widget-heading\" data-id=\"b3f9cb3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Defending Against Brute-Force Attacks<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-66d8483 elementor-widget elementor-widget-heading\" data-id=\"66d8483\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">ConfigServer Security & Firewall with Login Failure Daemon<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f22a838 elementor-widget elementor-widget-text-editor\" data-id=\"f22a838\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Most of our managed cPanel servers have <a href=\"https:\/\/configserver.com\/cp\/csf.html\" class=\"broken_link\" rel=\"noopener\"><strong>ConfigServer Security &amp; Firewall (CSF)<\/strong><\/a> enabled with iptables and <strong>Login Failure Daemon (LFD)<\/strong>, a service built into CSF. LFD periodically <strong>checks for potential threats<\/strong> to a server. It looks for brute-force login attempts and if found, will block the IP address attempting to attack your server.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-170ba20 elementor-widget elementor-widget-heading\" data-id=\"170ba20\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">cPHulk<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-82d2901 elementor-widget elementor-widget-text-editor\" data-id=\"82d2901\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Furthermore, you can also enable cPHulk as another method of Brute-Force Detection. cPHulk is a <strong>security feature on cPanel<\/strong> servers that locks down the cPanel and WHM logins, SSH logins, FTP logins and IMAP\/POP3 logins. It will block IP\u2019s after too many failed logins from a single IP address.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3cad0a0 elementor-widget elementor-widget-heading\" data-id=\"3cad0a0\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Security Best Practices<\/h3>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c763304 elementor-widget elementor-widget-text-editor\" data-id=\"c763304\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p data-aura-rendered-by=\"12:206;a\">In addition to checking your logs and using LFD, there are additional security best practices you can implement to secure your server. Here is a list of these best practices which are linked to articles to help you secure your server:<\/p><ul><li style=\"list-style-type: none;\"><ul><li data-aura-rendered-by=\"12:206;a\">Create a<strong> secure password<\/strong><\/li><li data-aura-rendered-by=\"12:206;a\">Require <strong>strong passwords<\/strong><\/li><li data-aura-rendered-by=\"12:206;a\">Set up <strong>alternate SSH users<\/strong><\/li><li data-aura-rendered-by=\"12:206;a\">Use <strong>SSH keys<\/strong><\/li><li data-aura-rendered-by=\"12:206;a\">Use <strong>reCaptcha<\/strong> for user registrations to help keep brute-force bots from being able to enter your site with fictional credentials<\/li><\/ul><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2d5cf4e elementor-widget elementor-widget-text-editor\" data-id=\"2d5cf4e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Check out <a href=\"https:\/\/www.casbay.com.my\/guide\/kb\/what-are-the-most-commonly-used-ports-cpanel\/\">What are the most commonly used ports?<\/a><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>What is a BRUTE-FORCE ATTACK? Brute-Force Attacks occur when an attacker attempts to calculate every possible combination that could make up a password and test against your site to see if it is a correct password. This can be done either by using dictionary words or trying to guess the key created by key derivation [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}}},"kbtopic":[117],"kbtag":[106],"mkb_version":[],"_links":{"self":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/30083"}],"collection":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/comments?post=30083"}],"version-history":[{"count":4,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/30083\/revisions"}],"predecessor-version":[{"id":37089,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kb\/30083\/revisions\/37089"}],"wp:attachment":[{"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/media?parent=30083"}],"wp:term":[{"taxonomy":"kbtopic","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=30083"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/kbtag?post=30083"},{"taxonomy":"mkb_version","embeddable":true,"href":"https:\/\/www.casbay.com\/guide\/wp-json\/wp\/v2\/mkb_version?post=30083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}