How to install Brute Force detection on your dedicated server

May 13, 2011 / Servers, Hosting & Email

Brute Force Detection is a free tool that can be used to defend your UK web hosting servers against brute force attacks. The aim of such an attack is to gain SSH/root access to the server by using an algorithm that runs through different permutations and combinations to guess the password.

Brute Force Detection (BFD) is a modular shell script designed to parse relevant logs and detect authentication failures. In today’s world, hackers often use brute force attacks to gain unauthorized access to servers. BFD is easy to install, configure, and use, making it accessible for anyone to implement and protect their server from such threats.

Brute Force Detection is available at: http://www.rfxnetworks.com/bfd.php

This guide will walk you through the steps to install and configure BFD, helping you safeguard your dedicated server against brute force attack attempts.

Requirements:

  1. You must have the APF Firewall installed prior to setting up BFD, as BFD integrates with APF and relies on certain APF files to function.
  2. Root SSH access to your server is required.

Follow the steps:

  1. Log in to your server through SSH and switch to the root user:
    su -
  2. Navigate to a temporary directory to store the files, such as /root/downloads:
    cd /root/downloads
  3. Download the BFD package:
    wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
  4. Extract the downloaded file:
    tar -xvzf bfd-current.tar.gz
  5. Navigate to the extracted directory:
    cd bfd-0.2
  6. Run the installation script:
    ./install.sh

    You should see a message confirming the installation:

    .: BFD installed
    
    Install path: /usr/local/bfd
    
    Config path: /usr/local/bfd/conf.bfd
    
    Executable path: /usr/local/sbin/bfd
  7. Edit the BFD configuration file:
    pico /usr/local/bfd/conf.bfd
  8. Enable email alerts for brute force attack attempts by making the following changes:
    1. Find:
      ALERT_USR="0"

      Change to:

      ALERT_USR="1"
    2. Find:
      EMAIL_USR="root"

      Change to:

      EMAIL_USR="you@example.com"

      (you@example.com is a placeholder; enter the address that should receive the alerts.)

      Save your changes by pressing Ctrl+X, then Y to confirm.

  9. Prevent locking yourself out by adding your trusted IP addresses:
    pico -w /usr/local/bfd/ignore.hosts

    Add your trusted IP(s) (e.g., 192.168.1.1), and then save the changes by pressing Ctrl+X, followed by Y.
    Note: BFD uses APF’s CLI insert feature, which overrides any allow_hosts.rules entries. Make sure to add your trusted IPs to the ignore.hosts file to avoid being locked out.

  10. Run BFD:
    /usr/local/sbin/bfd -s

BFD is now installed and configured to help protect your server from brute force attacks.
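The following added example is not BFD's own code. It illustrates the approach described above: parse the SSH auth log, count authentication failures per source IP, and skip addresses listed in an ignore file such as ignore.hosts. The function names, the threshold of 3, and the log lines are constructed for this illustration.

```shell
#!/usr/bin/env bash
# Added illustration, not BFD code: count failed SSH logins per source IP,
# skip IPs on an ignore list, report IPs at or above a threshold.

# Constructed sample of sshd auth-log lines (documentation and private ranges).
sample_log() {
cat <<'EOF'
May 13 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
May 13 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
May 13 10:00:05 host sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
May 13 10:00:09 host sshd[1004]: Failed password for root from 192.168.1.1 port 50001 ssh2
May 13 10:00:11 host sshd[1005]: Failed password for root from 192.168.1.1 port 50002 ssh2
May 13 10:00:12 host sshd[1006]: Failed password for root from 192.168.1.1 port 50003 ssh2
May 13 10:00:15 host sshd[1007]: Accepted password for deploy from 198.51.100.20 port 50100 ssh2
May 13 10:00:20 host sshd[1008]: Failed password for deploy from 198.51.100.20 port 50101 ssh2
EOF
}

# find_offenders LOGFILE IGNOREFILE THRESHOLD
# Prints "ip count" for each non-ignored IP with >= THRESHOLD failures.
find_offenders() {
    awk -v limit="$3" '
        # Ignore list: one IP per line; blank lines and # comments are skipped.
        FILENAME == ARGV[1] { if ($1 != "" && $1 !~ /^#/) ignore[$1] = 1; next }
        # The user name is chosen by the remote client, so locate the IP by
        # counting from the end of the line: "... from IP port N ssh2".
        /sshd\[[0-9]+\]: Failed password for / && NF > 4 && $(NF-4) == "from" {
            fails[$(NF-3)]++
        }
        END {
            for (ip in fails)
                if (!(ip in ignore) && fails[ip] >= limit)
                    print ip, fails[ip]
        }
    ' "$2" "$1" | sort
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_log > "$tmp/auth.log"
    printf '# trusted admin address\n192.168.1.1\n' > "$tmp/ignore.hosts"
    find_offenders "$tmp/auth.log" "$tmp/ignore.hosts" 3
    rm -rf "$tmp"
}

demo
```

With the trusted address in the ignore file, only 203.0.113.7 is reported; with an empty ignore file, 192.168.1.1 is reported as well, which is the lockout case step 9 guards against.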

For additional assistance, don’t hesitate to contact our support team.
