
Geeklog Forums

Brutus cracker


Profetas

Anonymous
There is someone trying to crack into my site using the Brutus cracker. So to minimize the brute force I was looking for the password timeout. Is there any configuration in GL about the timeout?

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
There's a speed limit for the requests for new passwords. Is that what you mean?
Text Formatted Code
// Password setting: minimum time between two requests for a new password
$_CONF['passwordspeedlimit'] = 300; // seconds = 5 minutes
 


I'm not familiar with the kind of attack you've mentioned. What is it doing exactly? Trying to guess an account's password?

bye, Dirk

geKow

Forum User
Full Member
Registered: 01/12/03
Posts: 445
Brutus this one?

exdeath

Forum User
Junior
Registered: 02/13/04
Posts: 23
Why not get the IP of the guy who is trying to crack your site from the access.log, and track his ISP down in order to send them an e-mail reporting the hack attempt? That should do the trick.

Turias

Forum User
Full Member
Registered: 10/20/03
Posts: 807
Once you get his IP, you could use the ban plugin.

Profetas

Anonymous
He is using proxy.

I have banned over 20 IPs using my firewall. I wanted to install it to see how it works but I don't have Windows.

Turias

Forum User
Full Member
Registered: 10/20/03
Posts: 807
Quote by Profetas: He is using proxy.

I have banned over 20 IPs using my firewall. I wanted to install it to see how it works but I don't have Windows.


Hmmm, if he doesn't have a static IP it makes it difficult to stop him. Your best bet would be to follow exdeath's advice. Create a table listing the time of each attack, the IP used, and the duration of the attack. Then, send this table to the service provider so that they can handle it.

As a precautionary measure, make sure that your admin accounts have long, random passwords with both lowercase and uppercase letters as well as numbers. For example, if your root account has the password: t2U62Mh01d (don't use this one), it would be almost impossible for someone to brute-force their way in using Brutus. Not impossible, but probability says it would take many, many years.
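
The table suggested above (time of each attack, IP used, duration) can be built directly from the web server's access log. The following is an added example, not part of the original thread or of Geeklog; it assumes Apache combined log format and a login form that POSTs to /users.php, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: Apache "combined" log format and a login form that POSTs to
# /users.php; adjust LOGIN_PATH to whatever your site actually uses.
LOGIN_PATH = "/users.php"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2004:03:14:01 -0500] "POST /users.php HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
192.0.2.10 - - [12/Mar/2004:03:14:02 -0500] "POST /users.php HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
192.0.2.10 - - [12/Mar/2004:03:14:04 -0500] "POST /users.php HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Mar/2004:03:20:00 -0500] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2004:04:00:00 -0500] "POST /users.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is malformed and must be skipped
192.0.2.10 - - [12/Mar/2004:03:19:01 -0500] "POST /users.php?mode=x HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
"""

def login_attempts(lines, threshold=3):
    """Return [(ip, first_seen, last_seen, duration_seconds, count)] for
    every IP with at least `threshold` POSTs to the login path."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip truncated or non-combined-format lines
        if m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        seen[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    rows = []
    for ip, stamps in seen.items():
        if len(stamps) >= threshold:
            first, last = min(stamps), max(stamps)
            rows.append((ip, first, last, int((last - first).total_seconds()), len(stamps)))
    return sorted(rows, key=lambda r: r[4], reverse=True)

def format_report(rows):
    """Render the rows as a plain-text table suitable for an abuse report."""
    out = [f"{'IP':<16}{'First seen':<28}{'Last seen':<28}{'Secs':>6}{'Hits':>6}"]
    for ip, first, last, secs, hits in rows:
        out.append(f"{ip:<16}{first.isoformat():<28}{last.isoformat():<28}{secs:>6}{hits:>6}")
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(login_attempts(SAMPLE_LOG.splitlines())))
```

Because the attacker in this thread rotates proxies, lowering `threshold` and sorting by time shows whether many low-count IPs belong to one continuous run.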