Help Center/ Host Security Service (New)/ FAQs/ Brute-force Attack Defense/ How Do I Handle Alarms on the Brute-Force Attacks Launched from a Cloud IP Address?

Updated on 2024-01-16 GMT+08:00

View PDF

How Do I Handle Alarms on the Brute-Force Attacks Launched from a Cloud IP Address?

An alarm indicates that an attack was detected. It does not mean your cloud servers have been intruded.

If you receive an alarm, handle it and take countermeasures in a timely manner.

Possible Cause

Some servers users use simple passwords or common ports, or do not use any security protection products. These users' accounts can be easily cracked. Attackers can exploit the accounts and attack other users. In this way, alarms are reported from the IP addresses of the exploited accounts.

Solution

Restrict access from the IP addresses that triggered alarms. For details, see Adding a Security Group Rule.

When brute-force attacks are detected, they are blocked immediately and alarms are reported. Handle the alarm within seven days, or the EIPs that triggered alarms will be blocked until their alarms are handled.

You can enhance security by setting strong passwords and changing ports. For details, see How Do I Defend Against Brute-force Attacks?
You can purchase HSS to protect your servers. For more information, see Purchase HSS Quota. For details about HSS editions, see Editions.

Parent topic: Brute-force Attack Defense

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel