ModSecurity will now prevent brute force attacks

We now have the ModSecurity Apache plugin running on all of our web hosting servers. This little plugin acts as a firewall for web applications and has so far reduced the number of hacked websites on our servers significantly.

As of this week, ModSecurity will also prevent “brute force” attacks. A brute force attack is an attempt to guess the username and password of a web application, using a predefined set of usernames and passwords and combining them at random.

If there are more than 15 failed login attempts from an IP address within 3 minutes, the IP address will be blocked from the website for the next 30 minutes.
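
The thresholds above, modelled as an added example that is not part of the original post or the actual ModSecurity rule set: a per-IP sliding-window counter that blocks on the 16th failed login inside 3 minutes and lifts the block 30 minutes later. The class and function names, the window-boundary handling and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 15        # more than this many failures triggers a block
WINDOW_SECONDS = 3 * 60  # failures are counted over a sliding 3-minute window
BLOCK_SECONDS = 30 * 60  # a blocked IP stays blocked for 30 minutes

class BruteForceGuard:
    """Per-IP failed-login limiter (hypothetical class, not ModSecurity code)."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.blocked_until = {}             # ip -> time at which the block lifts

    def is_blocked(self, ip, now):
        if self.blocked_until.get(ip, now) <= now:
            self.blocked_until.pop(ip, None)  # never blocked, or block expired
            return False
        return True

    def record_failure(self, ip, now):
        """Register one failed login; return True if the IP is (now) blocked."""
        if self.is_blocked(ip, now):
            return True
        window = self.failures[ip]
        window.append(now)
        while window[0] <= now - WINDOW_SECONDS:
            window.popleft()                # drop failures older than 3 minutes
        if len(window) > MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            window.clear()                  # start fresh once the block lifts
            return True
        return False

def replay(events):
    """Replay (timestamp, ip) failed-login events; return {ip: first block time}."""
    guard, first_block = BruteForceGuard(), {}
    for ts, ip in sorted(events):
        if guard.record_failure(ip, ts) and ip not in first_block:
            first_block[ip] = ts
    return first_block

# Constructed sample events (documentation-range IPs, timestamps in seconds):
# one client failing every 5 seconds, one failing once a minute.
SAMPLE = [(t * 5, "203.0.113.7") for t in range(20)] + \
         [(t * 60, "198.51.100.9") for t in range(20)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The client failing once a minute never has more than three failures inside the window, so only the fast guesser is blocked.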

To help the ModSecurity plugin combat brute force attacks, our App Installer is also configured to replace the “admin” username, which the majority of web applications use by default.

admin: