How to install BFD (Brute Force Detection)

Discussion in 'Tips/Tricks/Mods' started by domino, Sep 30, 2005.

  1. domino

    domino New Member

    What is BFD (Brute Force Detection)?

    BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: the fact that there are little to no authentication and brute force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at:

  2. badben

    badben New Member

    This may seem like a daft question, but is this compatible with ISP Config?

    I am very new, embarrassingly so, to Linux and servers and do not want to destroy my current setup, but this sounds like a very good idea security-wise.

  3. falko

    falko Super Moderator Howtoforge Staff

    I don't see why it shouldn't be compatible with ISPConfig. :) As far as I understand, it's just a shell script that parses log files for attempted attacks.
  4. domino

    domino New Member

    APF and BFD (BFD needs APF to work) run completely independently from ISPConfig. You may install it without worrying about breaking IPFC. You just have to turn off the firewall option in ISPC Control Panel before installing APF and BFD. Please do read the MAN pages and look at example config files so that you don't lock yourself out.
  5. badben

    badben New Member


  6. Ovidiu

    Ovidiu Active Member

    One more question:

    I started using apf with the ad and bfd modules, yet I still see entries like these in my logfiles:

    Shouldn't bfd take care of these, or am I wrong?
  7. falko

    falko Super Moderator Howtoforge Staff

  8. Ovidiu

    Ovidiu Active Member

    As I have understood it, bfd (=brute force detection) should take care of brute force attacks against any port and any service...

    For ssh attacks I already run fail2ban, which takes care of those - at least it should :) I was just wondering why I see no action from bfd...
  9. bwrob

    bwrob New Member

    I run shorewall firewall with a rule like
    ACCEPT net $FW tcp 22 - - 1/min:2
    Means, one can log in only twice in one min.
    That seems to work; they go away.
    Last edited: Mar 17, 2006
  10. JLChafardet

    JLChafardet New Member

    It does, but only if you have APF running. If you have APF running in DEVEL mode it will flush rules every 5 mins, so it isn't of much use this way.
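
Added example, not part of the thread and not BFD's own code: a minimal version of the log-parsing step described in the first post, counting failed SSH logins per source address and reporting those at or above a threshold. The OpenSSH syslog line format, the threshold and the sample lines (documentation-range addresses) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not BFD's code): report sources with repeated SSH
# authentication failures. Log format and threshold are assumptions.

# Constructed sample log lines; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Mar 17 10:00:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar 17 10:00:03 host sshd[1002]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar 17 10:00:05 host sshd[1003]: Failed password for root from 192.0.2.10 port 40003 ssh2
Mar 17 10:00:09 host sshd[1004]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar 17 10:01:12 host sshd[1005]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Mar 17 10:01:30 host sshd[1006]: Failed password for invalid user x from 198.51.100.7 port 1 from 192.0.2.10 port 40004 ssh2
Mar 17 10:02:00 host sshd[1007]: Failed password for bob from 203.0.113.5 port 2222 ssh2
EOF
}

# find_offenders THRESHOLD   (log lines on stdin)
# Prints "count address" for each source with >= THRESHOLD failures.
#
# The user name in a "Failed password" line is chosen by the client and
# may itself contain "from <address>" (see line 1006 above). Taking the
# address by position from the END of the line keeps such a name from
# getting an innocent address counted, and later banned.
find_offenders() {
    awk -v limit="$1" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            fails[$(NF-3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= limit) print fails[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the sample: sources with three or more failures.
sample_log | find_offenders 3
```

The addresses it prints are what a tool of this kind would hand to the firewall; the ban step itself is left out here.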
