xbiz world
xbiz premiere

Brute Force Detection

Put up a barrier between you and the bad guys with Brute Force Detection (BFD), published by Rfx Networks (www.rfxn .com/projects/brute-force-detection/). This free software tool helps defend against brute force hacking attacks on dedicated web servers.

Brute force attacks are characterized by their scattergun approach, such as using the entire dictionary as username and password inputs — methodically seeking the correct combination that will allow access to web server roots — or to paysite members areas.

Brute force attacks are characterized by their scattergun approach, such as using the entire dictionary as username and password inputs.

BFD detects these multiple, malicious login attempts, blocking the hacker’s efforts.

According to R-fx Networks, BFD is a modular shell script for parsing application logs and checking for authentication failures.

“It does this using a rules system where application specific options are stored including regular expressions for each unique auth format,” the company website says. “The regular expressions are parsed against logs using the ‘sed’ tool (stream editor) which allows for excellent performance in all environments.”

BFD employs a log tracking system that allows logs to be parsed from their last read point, boosting the performance of BFD, as it is not constantly reading the same log data.

BFD can be leveraged to block attackers using tools such as APF, Shorewall, raw IP tables, IP route or custom commands. A customizable email alerting system and simple flat text files are added benefits, as is the attack pool “where trending data is stored on all hosts that have been blocked including which rule the block was triggered by.”

By default, a cron job executes BFD once every three minutes, but this can be as little as one minute without causing any performance issues.

“Although cron execution does not permit BFD to act in real time, the log tracking system ensures it never misses a beat in authentication failures,” the BFD website notes. “Further, using cron provides a reliable frame work for consistent execution of BFD in a very simplified fashion across all *nix platforms.”

BFD is free to use, but its ongoing development is dependent on public contributions and donations, so a small usage gratuity is requested.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

The Search for Perfection in Your Payments Page

There has been a lot of talk about changes to cross sales and checkout pages. You have likely noticed that acquirers are now actively pushing back on allowing merchants to offer a negative option, upsell or any cross sales on payment pages.

Cathy Beardsley ·
opinion

Unpacking the Payment Card Industry's Latest Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements and guidelines that apply to all businesses that accept credit card payments, and is designed to ensure the security of those transactions.

Jonathan Corona ·
opinion

Compliance With State Age Verification Laws

During the past year, website operators have faced a slew of new state age verification laws entailing a variety of inconsistent compliance obligations.

Lawrence Walters ·
opinion

Merchants in Spotlight With Visa's VIRP

By now, most merchants know about the Visa Integrity Risk Program (VIRP) rolled out in spring 2023. The program is designed to ensure that acquirers and their designated agents — payment facilitators, independent sales organizations and wallets — maintain proper controls and oversight to prevent illegal transactions from entering the Visa payment system.

Cathy Beardsley ·
opinion

How to Know When Hosting Upgrades Are Really Needed

I was reminded about an annoyingly common experience that often frustrates website owners: upgrades. Sometimes, an upgrade of physical system resources like CPU, RAM or storage really is required to solve a problem or improve performance… but how do you know you’re not just being upsold?

Brad Mitchell ·
profile

WIA Profile: Natasha Inamorata

Natasha Inamorata was just a kid when she first picked up a disposable camera. She quickly became enamored with it and continued to shoot with whatever equipment she could afford. In her teens, she saved enough money to purchase a digital Canon ELPH, began taking portraits of her friends, shot an entire wedding on a point-and-shoot camera and edited the photos with Picnik.

Women in Adult ·
trends

Collab Nation: Top Creators Share Best Practices for Fruitful Co-Shoots

One of the fastest ways for creators to gain new subscribers and buyers, not to mention monetize their existing fan base, is to collaborate with other creators. The extra star power can multiply potential earnings, broaden brand reach and boost a creator’s reputation in the community.

Alejandro Freixes ·
opinion

Bridging Generational Divides in Payment Preferences

While Baby Boomers and Gen Xers tend to be most comfortable with the traditional payment methods to which they are accustomed, like cash and credit cards, the younger cohorts — Millennials and Gen Z — have veered sharply toward digital-first payment solutions.

Jonathan Corona ·
opinion

Legal and Business Safety for Creators at Trade Shows

As I write this, I am preparing to attend XBIZ Miami, which reminds me of attending my first trade show 20 years ago. Since then, I have met thousands of people from all over the world who were doing business — or seeking to do business — in the adult industry.

Corey D. Silverstein ·
opinion

Adding AI to Your Company's Tech Toolbox

Artificial intelligence is all the rage. Not only is AI all over the headlines, it is also top of mind for many company leadership teams, who find themselves asking, “How can this new tool help our company?”

Cathy Beardsley ·
Show More