There are a variety of techniques for stopping or preventing brute force attacks.
A robust password policy is the most evident. Strong passwords should be enforced by every web application or public server. Standard user accounts, for example, must contain at least eight characters, a number, uppercase and lowercase letters, and a special character. Furthermore, servers should mandate password updates on a regular basis.
Brute Force attack can also be avoided by the following methods:-
- Limit the number of failed login attempts.
- By altering the sshd_config file, you can make the root user unreachable via SSH.
- Instead of using the default port, change it in your sshd config file.
- Make use of Captcha.
- Limit logins to a certain IP address or range of IP addresses.
- Authentication using two factors
- URLs for logging in that are unique
- Keep an eye on the server logs.