Brute Force Attacks
Overview
In a brute force attack, every possible login credential is systematically tested until the correct password is identified. Attackers remotely guess and try login usernames and passwords. If they guess correctly, they can attack and control systems.
As long as Host Security Service (HSS) is enabled, the professional edition of SA can detect 22 types of brute-force attacks. If HSS is not enabled, the professional edition can detect 14 types, and the standard edition can detect 8. The basic edition does not support this feature.
Suggestion
If a brute force attack threat is detected, handle the threat by following the instructions in Table 1.
| Threat Alarm | Severity | Threat Description | Suggestion |
|---|---|---|---|
| SSH brute-force attack | Medium | Continuous attempts to log in to an ECS instance over SSH were detected, indicating that an attacker is attempting to hack into the ECS instance using SSH. | The SSH port is open to the public network. You are advised to perform the following operations: |
| RDP brute force attack | Medium | Continuous attempts to log in to an ECS instance over RDP were detected, indicating that an attacker is attempting to hack into the ECS instance using RDP. | The RDP port is open to the public network. You are advised to perform the following operations: |
| Web brute force attack | Medium | Continuous attempts to log in to your web service (such as a login page) were detected, indicating that an attacker is attempting to hack into the web service (such as the web application login page). | The background management pages (such as phpMyAdmin and Tomcat management pages) of the application are open to the public network, and login verification is not performed for login pages for services that need to be accessed from the public network. You are advised to perform the following operations: |
| MySQL brute-force attack | Medium | Continuous attempts to log in to a MySQL instance on an ECS instance were detected, indicating that an attacker is attempting to hack into the MySQL instance on the ECS instance. | The MySQL service port is open to the public network. You are advised to perform the following operations: |
| Microsoft SQL brute force attack | Medium | Continuous attempts to log in to Microsoft SQL Server on an ECS instance were detected, indicating that an attacker is attempting to hack into Microsoft SQL Server on the ECS instance. | The Microsoft SQL Server service port is open to the public network. You are advised to perform the following operations: |
| System brute force attack detection event | Medium | A brute force attack was detected. There are continuous attempts to log in to your ECS instance. | Log in to the HSS console and handle the issue. |
| Unauthorized system account | Medium | A brute force attack was detected. There are continuous attempts to log in to the ECS instance using an unauthorized system account. | Log in to the HSS console and handle the issue. |
| System crack success detection event | High | One of your ECS instances was hacked. | Log in to the HSS console and handle the issue. |
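
The following Python example is added here for illustration and is not HSS or SA code; it shows how the "SSH brute-force attack" and "System crack success detection event" alarms in Table 1 can be derived from sshd authentication logs. The thresholds (5 failures within 60 seconds), the function name `detect`, and the sample log lines are assumptions constructed for this example, since the page does not state the service's actual detection rules.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; the page does not state HSS's real rules.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)

# OpenSSH sshd authentication messages in classic syslog format.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample log (documentation-range IPs), not taken from a real host.
SAMPLE_LOG = """\
Jan 10 03:12:01 ecs-demo sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jan 10 03:12:04 ecs-demo sshd[2103]: Failed password for root from 203.0.113.5 port 40118 ssh2
Jan 10 03:12:07 ecs-demo sshd[2105]: Failed password for root from 203.0.113.5 port 40124 ssh2
Jan 10 03:12:09 ecs-demo sshd[2107]: Failed password for alice from 198.51.100.20 port 51022 ssh2
Jan 10 03:12:11 ecs-demo sshd[2109]: Failed password for root from 203.0.113.5 port 40130 ssh2
Jan 10 03:12:14 ecs-demo sshd[2111]: Failed password for root from 203.0.113.5 port 40136 ssh2
Jan 10 03:12:20 ecs-demo sshd[2113]: Accepted password for alice from 198.51.100.20 port 51030 ssh2
Jan 10 03:12:31 ecs-demo sshd[2115]: Accepted password for root from 203.0.113.5 port 40142 ssh2
"""

def detect(log_text, year=2024):
    """Return (kind, source_ip, user, time) alarms found in sshd log text."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged = set()                # sources that crossed the threshold
    alarms = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > WINDOW:  # slide the window forward
                recent.popleft()
            if len(recent) >= MAX_FAILURES and ip not in flagged:
                flagged.add(ip)
                alarms.append(("brute-force", ip, user, ts.strftime("%H:%M:%S")))
        elif ip in flagged:  # success after a guessing burst: likely cracked
            alarms.append(("crack-success", ip, user, ts.strftime("%H:%M:%S")))
    return alarms
```

Calling `detect(SAMPLE_LOG)` raises one brute-force alarm and one crack-success alarm for the guessing source, while the single mistyped password followed by a normal login from the other address raises nothing.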