Risk Analysis of Bruteforce Attacks on Webserver with Telegram Notifications

Budi Wibowo; Luqman Hafiz

doi:10.58291/komets.v3i1.305

Authors

Budi Wibowo Department of Informatics Engineering, Institut Teknologi Budi Utomo, Jakarta, Indonesia
Luqman Hafiz Department of Informatics Engineering, Institut Teknologi Budi Utomo, Jakarta, Indonesia

Keywords:

Brute force attack, Intrusion Detection System (IDS), Real-time alerts, Automated threat detection

Abstract

In today's digital era, server security is a top priority for many organizations. Intrusion Detection Systems (IDS) such as Fail2ban, have proven effective in protecting servers from threats by monitoring logs and blocking suspicious IP addresses. This paper discusses the implementation of Fail2ban integrated with Telegram notifications, how it works, testing, and results showing improvements in detecting and responding to attacks. Server ssh brute force attacks pose considerable risks to web servers and have potentially severe consequences. Implementing strong preventive measures, continuous monitoring, and leveraging Telegram notifications for real-time alerts significantly improved the organization’s security posture. These combined efforts ensure robust and responsive detection of brute force attacks. Fail2ban was able to quickly discover the IP address from which the attacker performed the brute force attack and took preventive action by blocking the attacker's Ip for 3 failed login attempts within a specified time limit of 3600 s.