How secure IS your web server?

May 19, 2014

After setting up on a new server recently, I started receiving a MOUNTAIN of notification emails about failed login attempts – something I haven’t seen much of so far in my 20 years on the ‘net!

What do I call a mountain?

How about SIX HUNDRED emails reporting OVER 3,000 attempts to log in as the root user on the server?

It scared the “you know what” out of me when it first happened 🙂

And this happens OFTEN… every day… and not just from IP addresses in China (the main culprit) but also from Korea, the US, Ukraine, Iran, Vietnam, Russia and even France!

So it begs the question…

How easy is it for people to “guess” your root password?

Remember the idea here is that they just try so many different words that eventually (they hope) they will stumble onto the right one.

Apart from that, several of these attempts try to “guess” the username used with a website… see below, which shows how many variations of the username this hacker from China tried in order to access my Careers OnLine server:

May 8 12:05:00 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonline]
May 8 12:05:07 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonlinecomau]
May 8 12:05:13 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonline.comau]
May 8 12:05:19 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonline.comau1]
May 8 12:05:33 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonlinecomau]
May 8 12:05:38 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonline.comau]
May 8 12:05:43 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonline.comau1]
May 8 12:05:48 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonline]
May 8 12:05:55 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonlinecomau]
May 8 12:06:21 vps pure-ftpd: (?@36.250.1.69) [WARNING] Authentication failed for user [careersonline.comau]

So what can you take away from this?

  1. Make your ROOT password (or any USER password) a VERY strong one so it can resist such ongoing attacks!
  2. Ensure your web server login/USERNAME is also NOT an easy one to guess… and NEVER use the “default” username offered when a new server is set up – it is far too easy to guess.
  3. Ensure your web server firewall is working properly!
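
To see this pattern without reading through hundreds of notification emails, the sketch below (an added example, not part of the original post) parses pure-ftpd failure lines in the format shown above and reports each source IP that fails repeatedly inside a short window, along with the usernames it tried. The function names, the threshold of 5 failures in 10 minutes, and the sample lines (documentation IP addresses, made-up usernames) are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches pure-ftpd failure lines in the syslog format shown in the post.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+pure-ftpd:\s+"
    r"\(\?@(?P<ip>[0-9a-fA-F.:]+)\)\s+\[WARNING\]\s+"
    r"Authentication failed for user \[(?P<user>[^\]]*)\]"
)

def parse_failures(lines, year=2014):
    """Yield (timestamp, ip, user) per failed login; syslog omits the year, so it is passed in."""
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def flag_sources(lines, max_fails=5, window=timedelta(minutes=10)):
    """Return {ip: report} for sources with >= max_fails failures inside any window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse_failures(lines):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= max_fails:
                # Report totals for this IP across the whole log, not just the window.
                users = sorted({u for _, u in events})
                flagged[ip] = {"failures": len(events), "usernames": users}
                break
    return flagged

# Constructed sample in the post's log format (not real log data).
SAMPLE = """\
May 8 12:04:58 vps cron: constructed unrelated line
May 8 12:05:00 vps pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [examplesite]
May 8 12:05:07 vps pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [examplesitecomau]
May 8 12:05:13 vps pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [examplesite.comau]
May 8 12:05:19 vps pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [examplesite]
May 8 12:05:33 vps pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [examplesitecomau]
May 8 12:09:41 vps pure-ftpd: (?@198.51.100.20) [WARNING] Authentication failed for user [examplesite]
"""
```

Calling `flag_sources(SAMPLE.splitlines())` returns a report for 203.0.113.7 only; more than one entry under `usernames` is the username-guessing behaviour seen in the log excerpt, and the flagged addresses are candidates for a firewall block rule.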

And good luck fighting off these morons!

Cheers
Stephen Spry
