lfd sshd bruteforce
Dear All
I have so much attack notification from cpanel, how to defends sshd or other service bruteforces attack? although I have change my sshd port but still there an attack to sshd, how to prevent it?
Time: Fri Mar 27 10:36:26 2015 +0700
IP: 80.82.70.167 (NL/Netherlands/-)
Failures: 5 (smtpauth)
Interval: 3600 seconds
Blocked: Permanent Block
Log entries:
2015-03-27 09:44:21 dovecot_login authenticator failed for (User)
[80.82.70.167]:35016: 535 Incorrect authentication data
(set_id=test@enrichstardevelopment.com)
2015-03-27 09:44:28 dovecot_login authenticator failed for (User)
[80.82.70.167]:35016: 535 Incorrect authentication data
(set_id=test@enrichstardevelopment.com)
2015-03-27 09:44:39 dovecot_login authenticator failed for (User)
[80.82.70.167]:35016: 535 Incorrect authentication data
(set_id=test@enrichstardevelopment.com)
2015-03-27 10:36:15 dovecot_login authenticator failed for (User)
[80.82.70.167]:33963: 535 Incorrect authentication data
(set_id=info@enrichstardevelopment.com)
2015-03-27 10:36:22 dovecot_login authenticator failed for (User)
[80.82.70.167]:33963: 535 Incorrect authentication data
(set_id=info@enrichstardevelopment.com)
-
Hey, Changing the SSH port to a custom one should reduce the number of brute-force attacks which you get. The above one which you posted is towards your mail-server. There is always these sort of attacks and the good thing is your LFD / CSF is blocking these sort of attacks ( as you can see from the above logs ). The IP which attempts to give in 5 login credentials in a row within a time-frame of 3600 seconds is blocked permanently. Just make sure you dont have accounts such as test@domain.com with weak passwords. Make sure your passwords are strong and complex enough. These sort of attacks happen everytime. 0 -
Yes, logs shows that attack is on your mail server. Set complicated password for that account or if that email account is present on the server then disable it temporary. 0 -
is there are other step for defends smto auth and imap? besides of make strong password for email? 0 -
Hello, The best options available to you are to use strong passwords, install a third-party firewall management tool such as CSF/LFD, and to enable cPHulk brute force protection. Thank you. 0
Please sign in to leave a comment.
Comments
4 comments