Solution against brute force attack

Hello everyone, I have constant notifications of "ToS Violation - Brute Force", at the risk of seeing me delete my Linode from the server. Can I have a definitive solution to these cases of recurring attack?
Sincerely

3 Replies

(I'm not Linode staff)

Before doing anything, I suggest you check your tickets and see if staff has instructions for you.

It sounds like the VPS was compromised and tried hacking into other devices. Probably automatically. If you have important data, you can try to boot into Rescue mode to recover the data, which can come with the risk of the data itself being infected.

If the data is needed, then after it is recovered it is best to delete the Linode and start from a fresh OS.

There is no definitive solution when it comes to security, since it depends on a number of different things. But a firewall and fail2ban with an updated and upgraded OS should stop most attacks, not including whatever your application itself may be vulnerable to.

For the firewall, most people just install and enable ufw, which is a wrapper for iptables.

But a few years ago the same thing happened to my server after a DDoS flood to port 53. Twice. Then I whitelisted the DNS server(s) I wanted to use in the firewalls and added them to /etc/resolv.conf, just as an example:

echo "nameserver 9.9.9.9" > /etc/resolv.conf

Linode supplies resolvers as well; check the Network tab for your Linode.

Or maybe you just need a domain already mapped to an IP (this is just an example):

echo "8.8.8.8 google.com" >> /etc/hosts

allowing you to drop port 53 entirely (TCP, UDP, IPv4, IPv6).

And don't forget, if you need both IPv4 and IPv6 then the firewall needs to be for both. ufw wraps both iptables and ip6tables. Linode's Cloud Firewall is more user friendly.

If you can't just drop port 53, depending on your needs, then a whitelist approach for port 53 is the next best thing for whichever firewall you use.
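The port 53 whitelist approach described in the answer above, sketched for ufw as an added example (not part of the original post and not Linode's own tooling). The resolver list, the `APPLY` switch and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a ufw egress allowlist for DNS (port 53).
# RESOLVERS is an assumption: replace it with the resolvers you really use
# (for example the ones shown on your Linode's Network tab).
RESOLVERS="${RESOLVERS:-9.9.9.9 2620:fe::fe}"

# Accept only strings made of IPv4/IPv6 literal characters, so nothing
# else can end up on a firewall command line.
is_ip_literal() {
    case "$1" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
        *.*|*:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ufw commands in the order they must be added: ufw matches
# rules first-to-last, so the per-resolver allows precede the blanket deny.
# ufw's default outgoing policy is "allow", hence the explicit deny.
dns_allowlist_rules() {
    for r in $1; do
        if ! is_ip_literal "$r"; then
            echo "invalid resolver address: $r" >&2
            return 1
        fi
        for proto in udp tcp; do
            echo "ufw allow out to $r port 53 proto $proto"
        done
    done
    # No proto given: covers TCP and UDP, and IPv6 too when IPV6=yes
    # is set in /etc/default/ufw.
    echo "ufw deny out to any port 53"
}

# Dry run by default; set APPLY=1 (as root) to execute the commands.
apply_dns_allowlist() {
    rules=$(dns_allowlist_rules "$1") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        echo "$rules" | while IFS= read -r cmd; do $cmd; done
    else
        echo "$rules"
    fi
}

apply_dns_allowlist "$RESOLVERS"
```

Run it once without `APPLY=1` to review the generated rules, and make sure the same resolvers are the ones listed in /etc/resolv.conf before applying.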

Thanks for answering.

Thanks for answering.
