Lunarpages Web Hosting Forum

Topic: brute force password cracking attempts

Runner
brute force password cracking attempts
« on: November 12, 2008, 07:11:16 AM »
In October someone from Russia cracked one of our FTP accounts and modified several of my web pages adding malware at the bottom of the pages.  I have since reset all passwords and cleaned up the affected pages.  I have a shared hosting account (basic plan) so I don't have shell access.  Is there any way I can detect large numbers of failed password attempts and block the users or at least lock out the account after X number of failed attempts?

By the way, this was done via an FTP account so modifying the .htaccess wouldn't help.  Other than forcing users to set strong passwords, is there anything else I can do to prevent this from happening again?

perestrelka
Re: brute force password cracking attempts
« Reply #1 on: November 13, 2008, 11:41:33 PM »
Hi Runner,

First of all, this board is for dedicated server owners and questions related to security of dedicated and VPS servers. However, I'll try to reply to your questions. Unfortunately, due to the nature of the shared plan, you don't have access to server logs. However, we have brute force detection scripts running on shared servers which block hosts making too many failed login attempts. What is happening more frequently than successful brute force is login details theft on the client computers via a trojan horse or virus. What is recommended to prevent this from happening is strong passwords as you mentioned, regular password changes, and an up-to-date operating system with a firewall, as well as up-to-date antivirus with regular scans of the entire system.
Kind Regards,
Vlad Artamonov
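
Added example, not part of the thread and not Lunarpages' own script: a sketch of the kind of check the reply describes, for readers who do have log access on a dedicated or VPS server. It flags hosts that reach X failed FTP logins inside a sliding time window; the vsftpd-style line layout, the thresholds, the function name and the sample log are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed vsftpd-style layout; adjust the pattern for your FTP daemon.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def find_brute_force(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: (time the threshold was reached, usernames tried)} for
    hosts with max_failures failed logins inside any sliding window.
    Lines are expected in chronological order per host, as in a log file."""
    recent = defaultdict(deque)   # ip -> failure timestamps still in window
    users = defaultdict(set)      # ip -> every username that host failed on
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["result"] != "FAIL":
            continue              # unparsable lines and successes are skipped
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        q = recent[m["ip"]]
        q.append(ts)
        users[m["ip"]].add(m["user"])
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return {ip: (t, sorted(users[ip])) for ip, t in flagged.items()}

# Constructed sample log (documentation IP ranges, made-up accounts).
SAMPLE_LOG = (
    # six failures in six seconds, rotating usernames: should be flagged
    [f'Wed Nov 12 07:00:{s:02d} 2008 [pid 4101] [{u}] FAIL LOGIN: Client "203.0.113.7"'
     for s, u in enumerate(["admin", "ftp", "test", "web", "root", "admin"])]
    # five failures an hour apart: never five inside one window
    + [f'Wed Nov 12 {h:02d}:15:00 2008 [pid 4102] [runner] FAIL LOGIN: Client "192.0.2.9"'
       for h in range(8, 13)]
    # one typo followed by a successful login
    + ['Wed Nov 12 09:30:00 2008 [pid 4103] [runner] FAIL LOGIN: Client "198.51.100.20"',
       'Wed Nov 12 09:30:20 2008 [pid 4103] [runner] OK LOGIN: Client "198.51.100.20"']
)

if __name__ == "__main__":
    for ip, (when, tried) in find_brute_force(SAMPLE_LOG).items():
        print(f"{ip} reached the limit at {when}; usernames tried: {tried}")
```

The returned hosts are candidates for a firewall or FTP-daemon deny list; as the reply notes, this kind of check does nothing against credentials stolen from a client machine, since those log in successfully on the first attempt.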