Cyber Security Consultancy

We provide businesses cyber security consultancy solutions tailored to suit your needs. To get a quote based on per hour session please use the link below.

Contact Us

Dedicated Hosting Solutions

Custom Dedicated servers made to your Specifications whether its for your business online presence or to host your custom aplications.

Read More

Frontline Sales Team

For Frontline Cyber Security Ltd custom solutions please contact our sales team for pricing guides using the contact button below.

Contact Us
Frontline Cyber Security LTD Blog

Brute Force 900k + Attempts on a New Server

Brute Force Attack Report – This article is going to cover an attack we have had on a new network from the second it was connected to the internet.

Instantly we were collecting data showing the determination of people trying to gain “root” access to our Server.

Our data shows us that on the 21/August/2017 we had 150,000 failed logon attempts.

We will start by describing the attack type and potential risk involved.

Attack TYPE:-

Brute force attack, SSH service authentic action attack

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

Attempts graph at the time of this report.

Internet Browsing Tips:-

Brute Force Graph

Failed Logins – Failed Logins. Last 150 Events.

Attack Origins:-

As shown in the chart below 27.1% of the attacks including the 1st IP to attempt SSH access was from China closely followed by Russia via a botnet attack.

Location Graph

Duration of The Attack:-

This attack started on 19/08/2017 and is still ongoing at over 20k attempts per day (Please note this attack is being monitored 24/7 by Frontline Cyber Security Ltd and is against one of our test servers using honey pots).

We are sharing this information we are gathering with Action Fraud to help people detect and defend against future attacks from the target IP addresses.

Further details on this attack can be found on our Open Threat Exchange profile via the link below.

Risk to Business Explained:-

If this attack was to target your company servers the risks are very high depending on your password strength and server security see below (with speed of 1,000,000,000 Passwords/sec, cracking an 8-character password composed using 96 characters takes 83.5 days. But a recent research presented at Password^12 in Norway, shows that 8-character passwords are no safer. They can be cracked in 6 hours)

If they crack your root – admin password they essentially control your server so please ensure you have protection in place for example:

  • Rate Limiting the Login Attempts
  • Hiding the login page
  • Using htaccess
  • Hardware Firewall / IP Tables
  • Two-factor authentication enabled

Thank you for reading.

Report written by Frontline Cyber Security Ltd

Newark On Trent

If you would like to ask any questions please feel free to email us on This email address is being protected from spambots. You need JavaScript enabled to view it. or use our live support at the bottom right of your screen. We are always happy to help.


Frontline Cyber Security LTD Helping Keep The Web Safe! Call Us Today 01636 857310