Malicious botnets often use dictionaries of common names and phrases to find the right username and password combination to hack an account. They systematically check many possible login credentials until they succeed. This type of attack isn’t very elegant and relies on making many trial-and-error attempts to login, that’s why it’s called a brute force attack.
The most popular targets of brute force attacks are email accounts, WordPress/Joomla/Drupal admins, FTP and SSH access. Typically, these malicious botnets use many different IPs to carry out their attacks.
Hacked FTP, SSH, CMS
A lot of failed login attempts
User complaints about locked accounts
The Log Analysis module automatically recognizes the most common log files on your server and starts to analyze them in an efficient and resource-friendly way.
This module will immediately block brute force attacks as well as many other attack types including SQL injection, directory traversal, spamming attempts, WordPress user enumeration attack, reflective DDoS via xmlrpc.php, and more.
Log Analysis doesn’t require configuration and runs silently in the background, monitoring for malicious IP addresses. When this module detects a malicious IP, it is automatically greylisted by our real-time IP Reputation module. We constantly update our IP rules and continuously monitor log files, ensuring you always have the latest protection on your server.