Comments on: Dealing with Brute Force Attacks by Yourself
https://webdevstudios.com/2015/03/10/dealing-with-brute-force-attacks-by-yourself/
WordPress Design and Development Agency
Mon, 15 Apr 2024 16:04:47 +0000

By: Juergen
https://webdevstudios.com/2015/03/10/dealing-with-brute-force-attacks-by-yourself/#comment-21106
Thu, 08 Feb 2018 08:27:35 +0000

Just want to leave a huge “THANK YOU”! I host a small private server with RStudio-Server running on it and had to constantly deal with SSH brute force attacks.

By: Bob Weber
https://webdevstudios.com/2015/03/10/dealing-with-brute-force-attacks-by-yourself/#comment-2263
Wed, 11 Mar 2015 16:41:39 +0000

Fought this for a long time with Fail2Ban, Wordfence, Sucuri, etc. Finally set up ModSecurity with the Comodo ruleset and my problems dropped to almost zero overnight.

By: Jay Wood
https://webdevstudios.com/2015/03/10/dealing-with-brute-force-attacks-by-yourself/#comment-2262
Wed, 11 Mar 2015 13:52:55 +0000

In reply to MF Simchock.

The methods I use are definitely time consuming, but I find it fun to track these guys down. I currently only do this for two sites, both of which are on just one server.

Though, I agree, if the flood of connections increased, I would have to find a more automated solution. Truth be told, I used to have a captcha on login, and a plugin called Limit Login Attempts. I just wanted to get rid of the PHP overhead (remove the plugins), and find an alternative. Fail2Ban gave me that option, so I stuck with it ever since.

By: Renato Alves
https://webdevstudios.com/2015/03/10/dealing-with-brute-force-attacks-by-yourself/#comment-2261
Wed, 11 Mar 2015 13:13:01 +0000

Man, I liked your approach but I agree with @MF Simchock above, it seems a lot of work. Maybe for learning purposes, it is great, but for a simple client site, it seems too much chasing.

By: MF Simchock
https://webdevstudios.com/2015/03/10/dealing-with-brute-force-attacks-by-yourself/#comment-2260
Tue, 10 Mar 2015 16:50:52 +0000

Good stuff. But my first impression is, this doesn’t scale. That is, once you get past having to do this for a couple sites you’re going to be consumed by chasing these ghosts. How many clients REALLY want to pay for that?

The easy – and cheaper? – route seems to be two way auth, or something similar, yes? That is, rather than try to stop the attacks, why not just completely prevent them by making them (close to) impossible?

Finally, there’s a browser plugin called WOT (Web Of Trust) that tells you – via crowdsourced data collection – which sites are safe and which might not be. It would seem to me, a WP-centric implementation of the same concept as it applies to these types of security threats is a no brainer. Safety in numbers, right?
