How Do I Handle a Brute-force Attack?
Brute-force attacks are common intrusion behavior. Attackers guess and try login usernames and passwords remotely. When they succeed, they can attack and control systems.
SA interworks with HSS to receive alarms for brute force attacks detected by HSS and centrally display and manage alarm events.
Handling Alarm Events
HSS uses brute-force detection algorithms and an IP address blacklist to effectively prevent brute-force attacks and block attacking IP addresses. Alarm events will be reported.
If you receive an alarm event from HSS, log in to the HSS console to confirm and handle the alarm event.
- If your host is cracked and an intruder successfully logs in to the host, all hosts under your account may have been implanted with malicious programs. Take the following measures to handle the alarm event immediately to prevent further risks to the hosts:
- Check whether the source IP address used to log in to the host is trusted immediately.
- Change passwords of accounts involved.
- Scan for risky accounts and handle suspicious accounts immediately.
- Scan for malicious programs and remove them, if any, immediately.
- If your host is cracked and the attack source IP address is blocked by HSS, take the following measures to harden host security:
- Check the source IP address used to log in to the host and ensure it is trusted.
- Log in to the host and scan for OS risks.
- Upgrade the HSS protection capability if it is possible.
- Harden the host security group and firewall configurations based on site requirements.
For details, see How Do I Handle a Brute-Force Attack Alarm?
Marking Alarm Events
After an alarm event is handled, you can mark the alarm event.
- Log in to the management console.
- Click in the upper left corner of the page and choose .
- On the Alarms tab, select Brute-force attacks and refresh the alarm list.
- Select an alarm and mark it as handled.
For details, see Viewing Alarms.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot