The Community Forums


How often do you get BFD attacks?

Discussion in 'General Discussion' started by digitard, Apr 28, 2005.

  1. digitard

    After recently doing a bunch to secure my server (thanks to you guys in the forums for all the great info I have read) I've had BFD running in the background to take care of Brute Force stuff and notify me. I had NO idea how often people try to break into my box and shut down APF.

    How often do you get a BFD warning in email saying it banned someone and they tried to run /etc/apf/apf -d as their script?

    Luckily I have only 1 SSH access login on my box and it's non-standard (so no dictionary attack will figure it out most likely) and the password is numbers, letters (capital and lowercase) and special characters so I feel it's the best I can do security-wise on the password.

    I received 15 today... and average 4-10 a day. I'm sure those of you who have larger servers w/ a larger client base probably receive it a LOT more.

    How often do you get a BFD attempt?
     
  2. rs-freddo

    BFD runs the apf script, not the wannabe hackers.

    I've had about 20 today, normally I get 20 a week.
     
  3. chirpy

    Often it seems to depend who had the IP address range before you as to how many brute force hits you get. I have some servers that rarely get any and some that get 50+ a day. But, at least now it's doing its thing :)
     
  4. digitard

    Yeah each time I get that I get a lil more faith in how I set up APF and other security programs.

    I don't know why though the past 48hrs seems to be 'super attempt' season on my server. I know it's either the same people spoofing IPs, or my IP has been posted as a 'try to shut down the server' board or something cause it's the same stupid dictionary list (if I have to see DARKMAN one more time!!!) but still it's sorta annoying...lol.

    Oooh while I was typing I got another one! lol.

    It's all good though. I listened to what you guys had to say here about securing my server and I'm not worried about someone gaining SSH cause root login is off and only 1 user (myself) has SSH access and the login is damn near impossible to just 'guess'.
     
  5. rs-freddo

    Mostly they are just automated attacks from infected machines. Recognise the user "test" or "patrick", occasionally I even get the user "root".

    I removed all IPs from the deny file when rebooting the server a couple of days ago. Again today I've had over 20 attacks - which again is unusual. Maybe there's another successful Windows virus out there again... There were 5 serious Windows vulnerabilities a couple of weeks ago.
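
The kind of check a brute-force detector performs on the SSH log, as an added example that is not part of any post above and is not BFD's own code: it counts failed logins per source address and reports the ones over a threshold. The log lines are constructed, and the threshold and `allow` parameter are assumptions of this sketch.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the usual OpenSSH syslog format (documentation addresses).
SAMPLE_LOG = """\
Apr 28 10:01:02 host sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Apr 28 10:01:04 host sshd[2103]: Failed password for invalid user patrick from 203.0.113.7 port 40120 ssh2
Apr 28 10:01:07 host sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Apr 28 10:01:09 host sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40140 ssh2
Apr 28 10:05:30 host sshd[2150]: Failed password for invalid user admin from 198.51.100.20 port 51514 ssh2
Apr 28 10:07:11 host sshd[2160]: Failed password for siteadmin from 192.0.2.10 port 60022 ssh2
Apr 28 10:07:15 host sshd[2160]: Failed password for siteadmin from 192.0.2.10 port 60022 ssh2
Apr 28 10:07:19 host sshd[2160]: Failed password for siteadmin from 192.0.2.10 port 60022 ssh2
Apr 28 10:07:25 host sshd[2160]: Accepted password for siteadmin from 192.0.2.10 port 60022 ssh2
"""

# Anchored on the end of the line so the address captured is the one sshd
# appended, not text that happens to appear inside the attempted username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user |illegal user )?"
    r"(?P<user>.+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$"
)

def failed_logins(log_text):
    """Return (failures per IP, usernames tried per IP)."""
    per_ip, users = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_ip[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    return per_ip, users

def offenders(log_text, threshold=3, allow=()):
    """IPs with at least `threshold` failures, skipping allow-listed addresses.

    The allow-list keeps an admin who mistypes a password from being banned.
    """
    per_ip, users = failed_logins(log_text)
    return {
        ip: (count, sorted(users[ip]))
        for ip, count in per_ip.items()
        if count >= threshold and ip not in allow
    }

if __name__ == "__main__":
    for ip, (count, names) in offenders(SAMPLE_LOG, allow={"192.0.2.10"}).items():
        print(f"{ip}: {count} failures, users tried: {', '.join(names)}")
```

The function only reports; handing the address to the firewall is a separate step, which is the part rs-freddo points out BFD does itself.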
     
  6. webits

    I hope you changed the SSH PORT, I used to have loads of kiddies trying to gain access to my BOX, so I changed the SSH PORT, put all the necessary ports to be open and outgoing and bang, never again did I have a problem, just some FTP login failures trying to gain access :)
     
  7. digitard

    I haven't changed my SSH port... yet. It's on my 'list of things to do' but I'm getting married in less than 48hrs (lol) so my 'webserver updates' are on hold til I get back cause I wanna be able to thoroughly test things before I say 'okay' and leave it alone for 4 days while I'm gone.
     
  8. brianc

    Congratulations!

    Congratulations! Marriage is a good institution and I have been married for 11 years now and each year is better than the previous.

    <blush>Sorry for the off-topic reply.</blush>

    Brian
     
  9. verdon

    He's right... 21 for me... not always easy, but worth it in the long run... Good Luck :)
     
  10. lloyd_tennison

    I received 18,000 in one morning. I changed the ssh port. Something is definitely out there.
     
  11. BraveX

    I'm new to the dedicated server arena after being a reseller for a long time. I've had the new server for about 3 weeks and I got my first BF attack this morning.

    I don't allow shell/telnet access on my server (except for root). How would I go about changing the SSH port? Should I be using something else other than root for extra security? Any recommendations? (I'm new to cPanel and using a server with Red Hat Linux OS installed)

    Thanks,
    BX

    P.S. Congrats Brian.
     
  12. brianc

  13. BraveX

    Thanks, Brian!
     
  14. rligg

    Why not just deny access from all IPs with the exception of a few?
     
  15. lloyd_tennison

    Be careful doing that - most ISPs (for people that work from home) use dynamic IPs and you could get locked out...
     
  16. rligg

    :) True. I don't give out SSH, unless someone has a fixed IP address.
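
The SSH settings raised across the thread (a non-default port, root login off, a single permitted account, access tied to a fixed address) can be checked against an `sshd_config` with a short audit, given here as an added example that is not from any poster. Both config fragments are constructed, and the port number, account name and address are made up.

```python
# Constructed "before" config: defaults plus a fix appended at the end.
BEFORE = """\
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
# appended later by an admin; sshd keeps the first value it reads
PermitRootLogin no
"""

# Constructed "after" config reflecting the measures discussed in the thread.
AFTER = """\
Port 2022
PermitRootLogin no
AllowUsers siteadmin@192.0.2.10
"""

def parse_global(conf_text):
    """Return {keyword: [values in file order]} for the global section."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks are not global
            break
        opts.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(conf_text):
    """List the thread's hardening points that the config does not meet."""
    opts = parse_global(conf_text)
    findings = []
    if "22" in opts.get("port", ["22"]):    # Port may repeat; unset means 22
        findings.append("Port: listening on the default port 22")
    root = opts.get("permitrootlogin", [None])[0]   # first value wins
    if root is None:
        findings.append("PermitRootLogin: not set, built-in default applies")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin: '{root}' still allows root over SSH")
    if "allowusers" not in opts:
        findings.append("AllowUsers: not set, no per-user allow-list")
    return findings

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(conf) or "no findings")
```

The `USER@HOST` form of `AllowUsers` in the second fragment ties the account to one source address, which carries the lockout risk lloyd_tennison describes if that address is dynamic.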
     