Best Practices for DDoS Attacks and Brute Force

DDoS Attacks

Wanting to protect your server from any future DDoS attacks? You can setup a free CloudFlare account which will not only prevent future DDoS attacks from hitting your server but it could also improve the speed of your websites!

CloudFlare is a CDN (Content Distribution Network) which provides a middleman between your website viewers and your webserver. To set this up you will first need to make an account at https://www.cloudflare.com. Once you've setup your account, you can begin adding domains that you want protected.

Adding domains will involve copying the DNS Records from your nameservers to the CloudFlare control panel. Once all records have been copied you will want to update the the nameservers at your domain registrar to reflect the ones provided at CloudFlare (these will be provided at setup of your domain on the CloudFlare control panel). Simple. Give it some time to propagate and you will be protected from DDoS attacks!

If your website is under a DDoS attack, please contact our support team immediatly so we can go through the process to mitigate it. This will include a change of IP as well as setting up cloudflare so your website IP is not found easily by the attacker.

 

Brute Force Attacks

Many servers online are constantly being attacked by a technique called Brute Forcing. This is the act of continuously trying to login to a server using different combinations of usernames and passwords. During the attack, your server has a built in defense mechanisms to block these attacks (by banning an IP that has multiple failed login attempts). This however will cause your server to use more resources on banning the IP's causing your server and/or websites to perform slower.

If you server seems to be running slow and you see the logs showing a brute force attack, it would be a good idea to change your SSH port from the default (22 -> 2201). Rather than blocking an IP, your server will automatically drop the connection. To do this, please follow the instructions below:

  1. Login to your server via SSH (Putty)
  2. Open up the ssh config file: $ nano /etc/ssh/sshd_config
  3. Uncomment the line that sets the Port number (comments are established with the pound sign (#)) and change the port.
    #Port 22
    ->
    Port ????
  4. Save the file (Ctrl-X with nano).
Restart the SSH daemon: $ service sshd restart
  • 83 Usuários acharam útil
Esta resposta lhe foi útil?

Artigos Relacionados

Finding scripts responsible for Email / Spam

Sometimes you will find that your servers IP address is becoming blacklisted because of spaming...

Linux Security - Access Logs

It is very common for public facing servers to have brute forcing attempts against them. In this...