How can you avoid a brute force attack?

There are a variety of techniques for stopping or preventing brute force attacks.

A robust password policy is the most evident. Strong passwords should be enforced by every web application or public server. Standard user accounts, for example, must contain at least eight characters, a number, uppercase and lowercase letters, and a special character. Furthermore, servers should mandate password updates on a regular basis.
Brute Force attack can also be avoided by the following methods:-

  • Limit the number of failed login attempts.
  • By altering the sshd_config file, you can make the root user unreachable via SSH.
  • Instead of using the default port, change it in your sshd config file.
  • Make use of Captcha.
  • Limit logins to a certain IP address or range of IP addresses.
  • Authentication using two factors
  • URLs for logging in that are unique
  • Keep an eye on the server logs.