xbiz world
xbiz premiere

Brute Force Detection

Put up a barrier between you and the bad guys with Brute Force Detection (BFD), published by Rfx Networks (www.rfxn .com/projects/brute-force-detection/). This free software tool helps defend against brute force hacking attacks on dedicated web servers.

Brute force attacks are characterized by their scattergun approach, such as using the entire dictionary as username and password inputs — methodically seeking the correct combination that will allow access to web server roots — or to paysite members areas.

Brute force attacks are characterized by their scattergun approach, such as using the entire dictionary as username and password inputs.

BFD detects these multiple, malicious login attempts, blocking the hacker’s efforts.

According to R-fx Networks, BFD is a modular shell script for parsing application logs and checking for authentication failures.

“It does this using a rules system where application specific options are stored including regular expressions for each unique auth format,” the company website says. “The regular expressions are parsed against logs using the ‘sed’ tool (stream editor) which allows for excellent performance in all environments.”

BFD employs a log tracking system that allows logs to be parsed from their last read point, boosting the performance of BFD, as it is not constantly reading the same log data.

BFD can be leveraged to block attackers using tools such as APF, Shorewall, raw IP tables, IP route or custom commands. A customizable email alerting system and simple flat text files are added benefits, as is the attack pool “where trending data is stored on all hosts that have been blocked including which rule the block was triggered by.”

By default, a cron job executes BFD once every three minutes, but this can be as little as one minute without causing any performance issues.

“Although cron execution does not permit BFD to act in real time, the log tracking system ensures it never misses a beat in authentication failures,” the BFD website notes. “Further, using cron provides a reliable frame work for consistent execution of BFD in a very simplified fashion across all *nix platforms.”

BFD is free to use, but its ongoing development is dependent on public contributions and donations, so a small usage gratuity is requested.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Account-to-Account Payments: The New Banking Disruptor?

So much of our industry relies upon Visa and Mastercard to support consumer payments — and with that reliance comes increased scrutiny by both brands. From a compliance perspective, the bar keeps getting raised until it feels like we end up spending half our time making sure we are compliant rather than growing our business.

Cathy Beardsley ·
profile

WIA Profile: Samantha Beatrice

Beatrice credits the sex positivity of Montreal for ultimately inspiring her to pursue work in adult entertainment. She had many friends working in the industry, from sex workers to production teams, so it felt like a natural fit and offered an opportunity to apply her marketing and social media savvy to support people she truly believes in and wants to see succeed.

Women In Adult ·
opinion

Understanding the Latest Server Processors

Over the last decade, we mostly stopped talking about CPU performance. Recently, however, there has been a seismic and exciting change in the CPU landscape, due to innovation by a chip company called Advanced Micro Devices (AMD).

Brad Mitchell ·
Show More