Portal Home > Knowledgebase > Articles Database > should i be worried?


should i be worried?




Posted by tonytz, 09-18-2011, 09:17 PM
I just got a new dedicated box about 5 days ago with direct admin installed. However, I have been checking the bruteforce logs and it appears that in the past 5 days there have been roughly 1500+ bruteforce attempts logged. It looks like that the previous owner of the ip hosted a lot of websites. Should I ask my provider to give me new ips or should installation of firewall/bruteforce protection be enough? Please advice me on what to do, thank you!

Posted by T-Junk, 09-19-2011, 12:54 AM
You probably need not worry about it if you have strong passwords on whatever it is they're trying to crack with brute force (probably PHPmyAdmin) and as long as you aren't getting hit so hard that it's causing bandwidth and performance issues. It would however be a good idea to ban the IP's your logs say are hitting you.

Posted by RaidLogic, 09-19-2011, 01:43 AM
Install a firewall, you can try csf/ldf or apf/bfd to automaticly detect bruteforce and ban the ip's Hope this helps Cheers

Posted by tonytz, 09-19-2011, 01:52 AM
Thank you for the answers! I feel reassured

Posted by Red Squirrel, 09-19-2011, 11:12 AM
Install fail2ban, and put ssh on another port. Another port will prevent most bots from flooding the logs, and if one DOES try on the other port it will get blocked after 3 tries. Otherwise, they will eventually get in. Could be months, years, but eventually they'll hit a combination that works. Oh and if you change the port double check your firewall settings or you might lock yourself out after you restart the sshd service. Been there done that. Then test fail2ban from another location to ensure it does block the IP. Set it to block for like an hour, not forever.

Posted by tonytz, 09-19-2011, 03:56 PM
Thanks for the suggestion. However, I have installed CSF/LFD per the above comments so does fail2ban add any additional protection?



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
remarkablehosting? (Views: 555)