{"id":5710,"date":"2024-10-29T17:31:23","date_gmt":"2024-10-29T12:01:23","guid":{"rendered":"https:\/\/www.veeble.org\/kb\/?p=5710"},"modified":"2025-04-04T11:59:23","modified_gmt":"2025-04-04T06:29:23","slug":"how-to-prevent-brute-force-attacks-on-your-linux-vps","status":"publish","type":"post","link":"https:\/\/www.veeble.com\/kb\/how-to-prevent-brute-force-attacks-on-your-linux-vps\/","title":{"rendered":"How to Prevent Brute Force Attacks on Your Linux VPS"},"content":{"rendered":"\n<figure class=\"wp-block-image aligncenter size-full\"><a href=\"https:\/\/www.veeble.org\/kb\/wp-content\/uploads\/2024\/10\/Untitled-Diagram.drawio.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"313\" src=\"https:\/\/www.veeble.org\/kb\/wp-content\/uploads\/2024\/10\/Untitled-Diagram.drawio.png\" alt=\"Brute Force Attack\" class=\"wp-image-5715\" srcset=\"https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/Untitled-Diagram.drawio.png 800w, https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/Untitled-Diagram.drawio-300x117.png 300w, https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/Untitled-Diagram.drawio-768x300.png 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/figure>\n\n\n\n<p>Brute force attacks are common security threats for <a href=\"https:\/\/www.veeble.org\/vps-hosting\/\" target=\"_blank\" rel=\"noopener\">Linux VPS servers<\/a>, where attackers attempt to guess login credentials by trying multiple password combinations. These attacks can lead to server access, data compromise, and even complete system takeover. Protecting your VPS from such attacks is essential to ensure data security and server performance. 
This guide outlines various methods to secure your VPS against brute force attacks using firewalls, authentication strategies, and security tools.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is-brute-force-attack\">What Is a Brute Force Attack?<\/h2>\n\n\n<p>A brute force attack is a hacking method where attackers attempt to gain access to a system, account, or network by systematically trying all possible combinations of passwords or encryption keys until the correct one is found. This approach relies on sheer computing power and repetition to &#8220;force&#8221; entry, often targeting accounts with weak or common passwords. Brute force attacks can be time-consuming and resource-intensive, but they can succeed if security measures are inadequate, potentially exposing sensitive data or allowing unauthorized access to systems.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-identify-brute-force-attack\">How to Identify a Brute Force Attack<\/h2>\n\n\n<p>To identify a brute force attack, look for specific patterns and unusual behaviors in your server logs and monitor system activity. Here are some common indicators:<\/p>\n\n\n\n<p>-&gt; <strong>Repeated Failed Login Attempts:<\/strong> Check authentication logs (e.g., <code>\/var\/log\/auth.log<\/code> on Ubuntu\/Debian or <code>\/var\/log\/secure<\/code> on CentOS\/RHEL) for multiple failed login attempts in a short period. This often indicates an automated script trying different credentials.<\/p>\n\n\n\n<p>-&gt; <strong>Unusual IP Activity:<\/strong> Frequent login attempts from one or more IPs trying to access your server in quick succession could indicate a brute force attack, possibly a distributed one. 
This is especially noticeable if the IPs originate from unusual locations or regions.<\/p>\n\n\n\n<p>-&gt; <strong>High Server Resource Usage:<\/strong> Brute force attacks can spike CPU and memory usage due to the high volume of requests. Monitoring your server\u2019s resource usage can help detect any abnormal load that might correlate with login attempts.<\/p>\n\n\n\n<p>-&gt; <strong>Unfamiliar or Unauthorized Accounts:<\/strong> If you detect any unauthorized or unfamiliar accounts being created, this could indicate that a brute force attack was successful in gaining access to your system.<\/p>\n\n\n\n<p>-&gt; <strong>Real-Time Intrusion Detection Systems (IDS):<\/strong> Tools like <a href=\"https:\/\/en.wikipedia.org\/wiki\/Fail2ban\" target=\"_blank\" rel=\"noopener\">Fail2Ban<\/a> and <a href=\"https:\/\/en.wikipedia.org\/wiki\/OSSEC\" target=\"_blank\" rel=\"noopener\">OSSEC<\/a> can detect and alert you to potential brute force attacks by monitoring logs for specific patterns of failed logins and blocking offending IPs.<\/p>\n\n\n\n<p>Monitoring these indicators and setting automated alerts enables prompt identification and response to brute force attacks on your server.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-prevent-brute-force-attack\">How to Prevent Brute Force Attacks<\/h2>\n\n<h3 class=\"wp-block-heading\" id=\"enable-any-firewall\">Enable a Firewall<\/h3>\n\n\n<p>Enabling a firewall is an essential first step in protecting your server from brute force attacks. A firewall such as UFW or FirewallD limits access to specific ports and can restrict IPs that make excessive connection attempts. By allowing only trusted IP addresses and setting rate limits on services like SSH, a firewall reduces the risk of unauthorized login attempts. 
Additionally, pairing a firewall with tools like Fail2Ban strengthens your defenses by blocking IPs that show patterns of brute force activity, further safeguarding your system.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"install-and-configure-fail2ban\"><strong>Install and Configure Fail2Ban<\/strong><\/h3>\n\n\n<p>Fail2Ban protects servers from brute force attacks by monitoring logs for repeated failed logins and blocking offending IPs automatically. When an IP address attempts too many unsuccessful logins within a specified timeframe, Fail2Ban detects this pattern as a possible brute force attack and bans the IP, temporarily or permanently, based on your configuration. Fail2Ban\u2019s automated response minimizes unauthorized access risk, maintaining server integrity with dynamic, rule-based security. This tool complements firewalls, providing an additional layer of automated defense against brute force attacks.<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>Install Fail2Ban<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install fail2ban -y                # For Debian\/Ubuntu\nsudo yum install epel-release -y            # For CentOS\/RHEL\nsudo yum install fail2ban -y\n<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\"><strong>Configuring Fail2Ban<\/strong><\/p>\n\n\n\n<p>Copy the default configuration:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/pre>\n\n\n\n<p>Edit <code>\/etc\/fail2ban\/jail.local<\/code> to enable SSH protection and set ban parameters:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[sshd]<br>enabled = true<br>port = ssh<br>logpath = %(sshd_log)s<br>maxretry = 5<br>bantime = 3600<\/pre>\n\n\n\n<p class=\"has-medium-font-size\"><strong>Restart Fail2Ban:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl restart fail2ban<\/pre>\n\n\n\n<p>Fail2Ban monitors logs for repeated failed login attempts and blocks IP addresses 
that exceed the allowed number of attempts.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"disable-root-login-and-use-ssh-key-authentication\"><strong>Disable Root Login and Use SSH Key Authentication<\/strong><\/h3>\n\n\n<p>Disabling root login and using SSH key authentication significantly enhance server security against brute force attacks. Disabling root login prevents attackers from targeting the highest-privilege account, reducing the risk of unauthorized access even during brute force attempts. SSH key authentication adds an extra layer of security because, instead of a password, it requires a unique cryptographic key pair, which is nearly impossible to guess or brute-force. With root login disabled and SSH keys in place, attackers are forced to bypass a much more complex security barrier, effectively lowering the risk of successful brute force attacks on your server. For detailed steps to disable root login and set up SSH key authentication, refer to this article.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"change-the-default-ssh-port\"><strong>Change the Default SSH Port<\/strong><\/h3>\n\n\n<p>Changing the default SSH port from 22 to a non-standard port helps protect against brute force attacks by hiding your server\u2019s entry point. Automated brute force attacks often target default ports, as attackers assume common configurations for efficiency. When SSH operates on a different port, attackers must first identify the port in use, which adds an obstacle. This method, known as \u201csecurity through obscurity,\u201d doesn&#8217;t make your server immune to brute force but reduces its visibility, decreasing the frequency of random or automated attacks. 
Changing the SSH port, combined with other security measures like firewalls and authentication protocols, strengthens your server&#8217;s overall security posture by making it less accessible to unsophisticated and automated attack scripts.<\/p>\n\n\n\n<p><strong>To change the default SSH port, edit the SSH configuration file:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo vi \/etc\/ssh\/sshd_config<\/pre>\n\n\n\n<p><strong>Change the <code>Port<\/code> directive to a port number of your choice, e.g., <code>Port 3147<\/code><\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Port 3147<\/code><\/pre>\n\n\n\n<p><strong>Save the file and restart SSH:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo systemctl restart ssh     # Debian\/Ubuntu<br>sudo systemctl restart sshd    # CentOS\/RHEL<\/pre>\n\n\n\n<p>Ensure your firewall allows connections to the new port before you close your current session, and update the <code>port<\/code> setting in the Fail2Ban <code>[sshd]<\/code> jail to match the new port.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"enable-twofactor-authentication-2fa\"><strong>Enable Two-Factor Authentication (2FA)<\/strong><\/h3>\n\n\n<p>Enabling Two-Factor Authentication (2FA) significantly strengthens defense against brute force attacks by requiring not only a password but also a second form of verification, usually a one-time code generated on a personal device. This means that even if an attacker manages to guess or brute-force the password, they would still need access to the second factor, which is typically unique and time-sensitive. By adding this extra layer, 2FA reduces the likelihood of unauthorized access through brute force, as attackers are highly unlikely to have both the password and the second authentication factor.<br>To enable two-factor authentication, refer to this <a href=\"https:\/\/www.veeble.org\/kb\/setting-up-google-2fa-for-openssh\/\" target=\"_blank\" rel=\"noopener\">article<\/a>.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"conclusion\">Conclusion<\/h2>\n\n\n<p>Securing your Linux VPS against brute force attacks is crucial to maintain system integrity and data confidentiality. 
Implementing these strategies\u2014firewall configuration, Fail2Ban, SSH key authentication, non-default ports, and 2FA\u2014can greatly enhance your server&#8217;s security. Regular monitoring and updates to your VPS\u2019s security setup are also essential to stay protected against evolving threats.<\/p>\n\n\n\n<p class=\"has-ast-global-color-8-color has-text-color has-link-color wp-elements-22d3202bc96c2fac8611f39aeda01b57\"><strong>Also Reads:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-veeble-hosting wp-block-embed-veeble-hosting\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.veeble.org\/kb\/disabling-root-login-and-creating-sudo-user-for-vps-security\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-veeble-hosting wp-block-embed-veeble-hosting\"><div 
class=\"wp-block-embed__wrapper\">\nhttps:\/\/www.veeble.org\/kb\/setting-up-google-2fa-for-openssh\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Brute force attacks are common security threats for Linux VPS servers, where attackers attempt to guess login credentials by trying multiple password combinations. These [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":8474,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9,5],"tags":[],"class_list":["post-5710","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-firewallsecurity","category-linux"],"uagb_featured_image_src":{"full":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/How-to-Prevent-Brute-Force-Attacks-on-Your-Linux-VPS.jpg",1366,768,false],"thumbnail":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/How-to-Prevent-Brute-Force-Attacks-on-Your-Linux-VPS-150x150.jpg",150,150,true],"medium":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/How-to-Prevent-Brute-Force-Attacks-on-Your-Linux-VPS-300x169.jpg",300,169,true],"medium_large":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/How-to-Prevent-Brute-Force-Attacks-on-Your-Linux-VPS-768x432.jpg",768,432,true],"large":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/How-to-Prevent-Brute-Force-Attacks-on-Your-Linux-VPS-1024x576.jpg",1024,576,true],"1536x1536":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/How-to-Prevent-Brute-Force-Attacks-on-Your-Linux-VPS.jpg",1366,768,false],"2048x2048":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2024\/10\/How-to-Prevent-Brute-Force-Attacks-on-Your-Linux-VPS.jpg",1366,768,false]},"uagb_author_info":{"display_name":"Nayana Nair","author_link":"https:\/\/www.veeble.com\/kb\/author\/nayana\/"},"uagb_comment_info":0,"uagb_excerpt":"Brute force attacks are common security threats for Linux VPS servers, where attackers attempt to guess login credentials by trying multiple password combinations. 
These [&hellip;]","_links":{"self":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/5710","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/comments?post=5710"}],"version-history":[{"count":8,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/5710\/revisions"}],"predecessor-version":[{"id":7580,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/5710\/revisions\/7580"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/media\/8474"}],"wp:attachment":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/media?parent=5710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/categories?post=5710"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/tags?post=5710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}