2000+ cloud professionals from over 100 distinguished companies across the world came together CloudTalk Online 2021 was held between 26-27 May. Igor Seletskiy, CEO of CloudLinux, made a speech at CloudTalk Online 2021 about brute-force protection. Seletskiy went over how hackers launch attacks, compromise accounts and take advantage of vulnerabilities.
Proactive approach for preventing brute-force attack
“Hacker uses more than one way to hack servers. WebApps vulnerabilities, FTP/SSH account, cPanel account and WordPress compromise. There are several ways of account compromise like password sharing, brute-force attacks, self-infection. The most common way is brute-force attacks. Preventing brute-force attacks was possible before, but nowadays IP blocking is not that effective”, said Seletskiy.
Web server security with Imunify360
Imunify360 is a comprehensive security platform for web-hosting servers. It utilizes highly tailored and integrated components for proactive real-time website protection and web server security.
Seletskiy explained the characteristics of new brute-force attacks, saying,
“Brute-force attacks became more sophisticated. Cyber-attackers don’t use no single IP, so there are large volumes of IPs. Blocking an IP that is used by hundreds of people can cause false positives. Imunify360 provides brute force protection. It blocks usernames instead of blocking Ips. Furthermore, it includes successful login history tracking, IP+ username pair banning, temp username blocking, IP reputation-based blocking rules.”
According to Seletskiy, the benefits of application-aware brute force protection are high sensitivity with low FP rate and RBL powered IP reputation engine. Also, attackers don’t realize that he was banned. With RBL powered IP reputation engine, high-frequency IP reputation updates across the whole Imunify install base.
How to fight against brute force attacks?
Imunify360 detects and prevents the user from using weak passwords. Additionally, Imunify360 defends the web application against exploits. ModSecurity rule set provides industry’s best WAF protection with a low FP rate. It comes with virtual patching, integration with malware scanners.
“Web applications protection is not enough as there are also zero-day vulnerabilities and backdoors. For preventing all, Imunify360 WordPress Core Protection and Auto-Immunity provide complete protection,” he added.