Brute Force Intrusions
What are they and how do they affect you?
A Brute-Force attempt is an effort by an Internet user attempting to gain unauthorized access to a server by way of connecting to it and running a command which attempts multiple logins per second, using a dictionary file of common passwords, trying different combinations to see if they can gain access.
Brandesigns routinely takes proactive, behind-the-scenes measures to protect its Dedicated Server against these types of attacks by renaming all Administrator accounts, as well as using very strong multi-character, alpha-numeric, case-sensitive password for maximum security. We are notified when an Internet User attempts to gain unauthorized access after five failed login attempts. Any time an attacker attempts to gain unauthorized access by way of Brute Force, they will inevitably leave a footprint of their originating IP address, which we use to deny them any further access to the server whatsoever by "black-listing" the IP and cease the attacks.
During the past 6 months, we've seen a three-fold increase in attacks from countries such as Iran, Austria, Turkey, Mongolia, Saudi Arabia, Japan, Armenia, Kazakhstan, Brazil, Pakistan, Vietnam ... you get the picture. Monitoring the server for Brute Force attacks has since become a second full time job. Unfortunately, there is no way to prevent a Brute Force attempt at the source, however blocking the IP address will stop the attack, and prevent the attacker from gaining access to the server.
Protecting our server and our client websites is in the forefront of our hosting service. While we perform this protection service at no cost, we are finding that monitoring and black-listing the culprits has resulted in a reduction of creative time that could be better utilized developing websites and performing maintenance to keep our client websites up-to-date and upgraded to current web security protocol.
With this in mind and after carefully analyzing options, we have decided to outsource our Hosting services to Springs Hosting, a leading world-class hosting company. They employ an extremely competent IT department to monitor their servers on a 24/7 basis. Their support system and response time is second to none. That is why we fully endorse Springs Hosting services and have teamed with them as an affiliate to recommend their services. We feel this change to our services will be a win-win for everyone.
We appreciate our current and future clients and will be at the helm in assisting everyone in moving their websites to Springs Hosting and walking them through the changes.
Here are some steps you can take to keep your online identity, personal computer and website secure, no matter where you live or what type of devise you use:
1. Create smart and strong passwords. Make it difficult for hackers to crack your password. You can create a smart password by incorporating capital letters, numbers, and special characters, and using more than six characters.
2. Use email wisely. Email is a great way to keep in touch with friends and family, and as a tool to conduct business. Even if you have good security software on your PC, however, your friends and family might not have the same protection. Be careful about what information you submit via email. Never send your credit-card information, Social Security number, or other private information via email.
3. Shop safely. If you plan to order from an online store, be sure that the Web site uses secure technology. When you are at the checkout screen, verify that the Web address begins with https. Also, check to see if a tiny locked padlock symbol appears at the bottom right of the checkout screen, or that there is a statement on the checkout screen stating that the pages are secure with a security technology vendor. To double-check, click on the padlock icon on the status bar to see the security certificate for the site. Following the "Issued to" in the pop-up window you should see the name matching the site you think you're on. If the name differs, you are probably on a spoofed site.
4. Pay attention to your children's online activities. Keep your home computer in a community area so that you can monitor their activity. Use child software that is age-appropriate. Limit your children's time spent online. Install and use parental controls software that allows you to monitor your children's activity online. This will keep your children from accessing undesirable Web sites and sharing personal information via online communications.
For further information, see the Federal Communications Commission website at: http://www.fcc.gov/guides/how-protect-yourself-online