Brute Force Attacks
There's been a marked escalation of Brute Force Attacks aimed at popular web applications recently!
First let's establish what is a Brute Force Attack?
Essentially it's a number of remote computers who control thousands of other infected computers that bombard your site with hits from thousands of IP addresses. Their target is the Administrator login area in an attempt to get access.
Besides the risk of them getting access, there's also the knock-on effect of this extreme volume of traffic on the server itself. This sort of scenario can bring a server to a complete halt with all sites going offline as a result. But in the case of recent attacks nobody else was affected.....only the actual site that was under attack. And we can thank Cloud Linux for that!
So what can you do about this very real threat?
The only solution is the installation of a commercial firewall on your site BEFORE an attack happens! I'm not going to openly divulge what it is and what it does for obvious reasons....but it works!
Be aware that if you do come under Brute Force attack without the firewall then Cloud Linux will just take your site offline till the attack subsides. That way no other clients are affected.....just YOU! How long until it comes back online again? That depends on how long the attack is sustained for......the last one was hitting the server from 8500 IP addresses, so it's not as if we can blacklist 1 IP and be done with it. If only it was that simple!
When the attack subsides we will then be able to access the site and install the firewall to prevent any further disruption. But until that point we're limited in what we can do because the attacks are coming in thick and fast from thousands of locations throughout the world. So if you're the next target be prepared for some downtime if you don't have this firewall in place ready.
One thing I can confirm though.....no sites were compromised in any way and nobody got access. We're proud of that because it's a testament to what we already have in place! But with the site firewall as an additional security layer we'll then be in a position to pick them off en-route.....well before the stage where the site goes offline. If you want business continuity, then this is the way forward.
Effectively, the bar has now been raised in terms of security threats. So to counteract this we've got to offer additional commercial security applications installed into the sites (not the server) to protect our clients' interests. We're certainly not burying our heads in the sand! If you choose to bury your head in the sand then that's your choice....but be aware it's only a matter of time before somebody else becomes the next victim. Really, the only question on my mind is "Who's Next?"