xbiz world
xbiz premiere

Brute Force Detection

Put up a barrier between you and the bad guys with Brute Force Detection (BFD), published by Rfx Networks (www.rfxn .com/projects/brute-force-detection/). This free software tool helps defend against brute force hacking attacks on dedicated web servers.

Brute force attacks are characterized by their scattergun approach, such as using the entire dictionary as username and password inputs — methodically seeking the correct combination that will allow access to web server roots — or to paysite members areas.

Brute force attacks are characterized by their scattergun approach, such as using the entire dictionary as username and password inputs.

BFD detects these multiple, malicious login attempts, blocking the hacker’s efforts.

According to R-fx Networks, BFD is a modular shell script for parsing application logs and checking for authentication failures.

“It does this using a rules system where application specific options are stored including regular expressions for each unique auth format,” the company website says. “The regular expressions are parsed against logs using the ‘sed’ tool (stream editor) which allows for excellent performance in all environments.”

BFD employs a log tracking system that allows logs to be parsed from their last read point, boosting the performance of BFD, as it is not constantly reading the same log data.

BFD can be leveraged to block attackers using tools such as APF, Shorewall, raw IP tables, IP route or custom commands. A customizable email alerting system and simple flat text files are added benefits, as is the attack pool “where trending data is stored on all hosts that have been blocked including which rule the block was triggered by.”

By default, a cron job executes BFD once every three minutes, but this can be as little as one minute without causing any performance issues.

“Although cron execution does not permit BFD to act in real time, the log tracking system ensures it never misses a beat in authentication failures,” the BFD website notes. “Further, using cron provides a reliable frame work for consistent execution of BFD in a very simplified fashion across all *nix platforms.”

BFD is free to use, but its ongoing development is dependent on public contributions and donations, so a small usage gratuity is requested.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Samantha Beatrice

Beatrice credits the sex positivity of Montreal for ultimately inspiring her to pursue work in adult entertainment. She had many friends working in the industry, from sex workers to production teams, so it felt like a natural fit and offered an opportunity to apply her marketing and social media savvy to support people she truly believes in and wants to see succeed.

Women In Adult ·
opinion

Understanding the Latest Server Processors

Over the last decade, we mostly stopped talking about CPU performance. Recently, however, there has been a seismic and exciting change in the CPU landscape, due to innovation by a chip company called Advanced Micro Devices (AMD).

Brad Mitchell ·
opinion

User Choice, Privacy and the Importance of Education in AV

As we discussed last month, age verification in the adult sector is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Maintaining Payment Processing Compliance When the Goalpost Keeps Moving

VIRP is the new four-letter word everyone loves to hate. The Visa Integrity Risk Program went into effect last year, and affects several business types — including MCC 5967, which covers adult and anything else with nudity, and MCC 7273, dating services that don’t allow nudity.

Jonathan Corona ·
opinion

Making the Most of Your Sales Opportunities

The compliance road has been full of twists and turns this year. For many, it’s been a companywide effort just to make it across that finish line. Hopefully, most of us can now return our attention to some important things we’ve left on the back burner for months — like driving revenue.

Cathy Beardsley ·
profile

YourPaysitePartner Marks 25-Year Anniversary Amid Indie Content Renaissance

For 25 years, YourPaysitePartner has teamed up with stars and entrepreneurial brands to bring their one-stop-shop adult content dreams to life — and given the indie paysite renaissance of the past few years, the company’s efforts have paid off in spades.

Alejandro Freixes ·
opinion

WIA Profile: B. Wilde

B. Wilde considers herself a strategic, creative, analytical and entertaining person by nature — all useful traits for a “marketing girlie,” a label she happily embraces.

Women In Adult ·
opinion

Proportionality in Age Verification

Ever-evolving age verification (AV) regulations make it critical for companies in the adult sector to ensure legal compliance while protecting the privacy of adults wishing to view adult content. In the past, however, adult sites implementing AV solutions have seen up to a 60% drop in traffic as a result.

Gavin Worrall ·
opinion

Goodbye to Noncompete Agreements in the US?

A noncompetition agreement, also known as a noncompete clause or covenant not to compete, is a contract between an employer and an employee, or between two companies.

Corey D. Silverstein ·
opinion

The Search for Perfection in Your Payments Page

There has been a lot of talk about changes to cross sales and checkout pages. You have likely noticed that acquirers are now actively pushing back on allowing merchants to offer a negative option, upsell or any cross sales on payment pages.

Cathy Beardsley ·
Show More