A Brute-Force attempt is an attempt by an Internet user attempting to gain unauthorized access to your server by way of connecting to it, and running a command which attempts multiple logins per second, using a dictionary file of common passwords, trying different combinations to see if they can gain access.
Server Intellect routinely takes proactive measures to protect all Shared, Private Cloud, and Dedicated Servers against these types of attacks by renaming all Administrator accounts, as well as using very strong multi-character, alpha-numeric, case-sensitive password for maximum security. Additionally we configure non-standard ports for various common services to reduce automated Brute Force attacks.
Windows keeps track of all successful and unsuccessful login attempts in the Windows Event Viewer, which you can access by navigating to ‘Start –> Administrative Tools –> Event Viewer‘.
An example of a Brute Force attempt is shown below:
As you can see, the automated programs can attempt many logins per second. A sustained attack can cause a server to perform slower due to the load on it, or become completely unresponsive.
However, any time an attacker attempts to gain unauthorized access by way of Brute Force, they will inevitably leave a footprint of their originating IP address, which you can use to deny them any further access to the server whatsoever, and cease the attacks. Also, the offending IP address can be used to trace the attacker’s Internet Service Provider and report the abusive activity.
This is done by using the built-in IP Security Policy in Windows Server, which is a fully customizable software firewall solution, and we have a Knowledge Base article which provides step-by-step instructions for adding a specific IP address to IPSec.
While there is no way to prevent a Brute Force attempt at the source, using non-standard port numbers for common services such as RDP drastically reduces the likelihood of being targeted.
If you have any other questions about Brute Force attempts or your server’s security as a whole, always feel free to contact our Technical Support Department, as they are available 24/7/365.