Brute-force attacks are a common security threat where hackers attempt to gain access to your VPS or website by systematically trying different username and password combinations. Fortunately, there are effective methods to protect your server and web applications from such attacks.
1. Use Strong, Unique Passwords
-
Always set strong passwords that include uppercase, lowercase, numbers, and special characters.
-
Avoid using default usernames like admin or root.
-
Use a password manager to generate and store complex passwords securely.
2. Enable Two-Factor Authentication (2FA)
-
Add an extra layer of protection by enabling 2FA wherever possible (SSH, control panel, WordPress, etc.).
-
Use apps like Google Authenticator or Authy for secure 2FA codes.
3. Limit Login Attempts
-
For WordPress or other CMS: Use plugins like Limit Login Attempts Reloaded or Wordfence to block repeated failed login attempts.
-
For Linux servers: Use tools like fail2ban to monitor logs and ban IPs after multiple failed login attempts.
4. Change Default Ports
-
Change the default SSH port (22) to a custom port to reduce automated attack attempts.
-
Update your firewall rules accordingly.
5. Use a Firewall
-
Configure a firewall like UFW, CSF, or firewalld to block unauthorized access.
-
Allow only required ports such as HTTP (80), HTTPS (443), and your custom SSH port.
6. Install fail2ban on Your VPS
Fail2ban protects your VPS by monitoring log files and banning IPs with suspicious activity.
To install on CentOS/RHEL:
yum install epel-release
yum install fail2ban
systemctl enable fail2ban
systemctl start fail2banTo install on Ubuntu/Debian:
apt update
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
7. Use Cloud-Based Protection (Optional)
-
Services like Cloudflare offer DDoS and brute-force protection.
-
You can also enable Web Application Firewall (WAF) to block malicious traffic before it reaches your server.
8. Monitor Login Logs
-
Regularly check SSH and web login logs for unusual login attempts.
-
On Linux, check:
cat /var/log/secure # For CentOS/RHEL
cat /var/log/auth.log # For Ubuntu/Debian
9. Keep Software and Server Updated
-
Always update your CMS, plugins, themes, and server packages.
-
Security patches help fix vulnerabilities that can be exploited in brute-force attacks.
Need Help?
If you need help implementing any of these security measures on your VPS or website, feel free to contact our support team at https://my.hosteons.com.
