Sunday, December 13, 2009

Basic cPanel Server Hardening - Part 3

In part 2 I showed you how to install and configure Advanced Protection Firewall (APF). In this installment I will show you how to install and configure Brute Force Detection (BFD). This tool is just as easy to install as APF and works with APF to help block attackers. It checks the server logs every few minutes looking for failed login attempts. If it sees too many failed attempts from the same IP address, it uses APF to block that IP from all access to the server.

Execute these commands to download and install it. You may need to change the version number in the third command if BFD has been updated.

wget http://www.rfxn.com/downloads/bfd-current.tar.gz
tar -xzf bfd-current.tar.gz
cd bfd-1.3 # current version number as of this post
sh install.sh

Now that BFD is installed, edit /usr/local/bfd/ignore.hosts and add the same IP addresses that you added to /etc/apf/allowed_hosts.rules so that BFD will not try to block you if you mistype your password too many times in a row.
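To make the count-and-threshold check and the role of the ignore list concrete, here is an added sketch. It is not BFD's own code and is not from the original post; the log lines, addresses, threshold and function names are constructed for illustration, and it works on temporary files only.

```shell
#!/bin/sh
# Added illustration only, not BFD's code. Log lines, addresses and the
# threshold are constructed; files are temporary, not the live server's.

# find_offenders LOG IGNORE THRESHOLD
# Print each source IP with at least THRESHOLD failed sshd password logins
# in LOG, skipping any address listed in IGNORE (one per line).
find_offenders() {
    awk -v max="$3" '
        # First file: ignore list. Skip blank lines and # comments.
        FILENAME == ARGV[1] { if (NF && $1 !~ /^#/) skip[$1] = 1; next }
        # Log file: the username is chosen by the remote client, so read the
        # address from the fixed tail "from <ip> port <n> ssh2".
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            if (!($(NF-3) in skip)) fails[$(NF-3)]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip }
    ' "$2" "$1" | sort
}

# fail_lines IP USER COUNT: emit COUNT constructed failed-login lines.
fail_lines() {
    n=0
    while [ "$n" -lt "$3" ]; do
        echo "Dec 13 10:0$n:00 host sshd[41$n]: Failed password for $2 from $1 port 5000$n ssh2"
        n=$((n + 1))
    done
}

# demo [THRESHOLD]: run the check over one constructed log window.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# admin workstation (constructed)' '198.51.100.7' > "$dir/ignore.hosts"
    {
        fail_lines 203.0.113.5 root 6                # noisy source: listed
        fail_lines 198.51.100.7 admin 6              # admin mistyping: ignored
        fail_lines 192.0.2.9 'invalid user from' 2   # few tries: under threshold
        echo "Dec 13 10:09:00 host sshd[500]: Accepted password for admin from 198.51.100.7 port 50100 ssh2"
    } > "$dir/secure"
    find_offenders "$dir/secure" "$dir/ignore.hosts" "${1:-5}"
    rm -rf "$dir"
}

demo   # prints 203.0.113.5
```

With a threshold of 5, the source that made only two attempts in this window is not listed, while the ignored address is never listed no matter how many times it fails.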

That's all there is to adding basic protection from brute force attacks to your server. It will not protect your server from slow brute force attacks, so you still need to be sure you keep the system up to date and enforce strong passwords for all users. In part 4 I will go over securing the /tmp directory.
