Plagiarism Checker 305

Uploaded by

Sendal Jepit

Plagiarism Checker X - Report

Originality Assessment

Overall Similarity: 9%

Date: Oct 6, 2024
Remarks: Low similarity detected, consider making necessary changes if needed.
Matches: 259 / 2795 words
Sources: 16

v 9.0.2 - WML 4
FILE - KOMETS 305 BLIND.DOCX
Risk Analysis of Brute force Attacks on Webserver with Telegram Notifications

ABSTRACT

In today's digital age, server security is one of the top priorities for many organizations. Intrusion Detection Systems (IDS) such as Fail2ban have proven effective in protecting servers from threats by monitoring logs and blocking suspicious IP addresses. The use of Telegram as a notification medium further improves responsiveness and efficiency in dealing with threats. This paper discusses the implementation of Fail2ban integrated with Telegram notifications, how it works, testing, and results that show improvement in detecting and responding to attacks. Brute force attacks pose a considerable risk to web servers, with potentially severe consequences. Implementing strong preventive measures, continuous monitoring, and leveraging Telegram notifications for real-time alerts significantly improved the organization's security posture. These combined efforts ensure robust detection of and responsiveness to brute force attacks. Fail2ban was able to quickly discover the IP address from which the attacker performed the brute force attack and took preventive action by blocking the attacker's IP for 3 failed logins within a specified time, with a time limit of 3600 seconds.

KEYWORDS: Brute force, data breaches, unauthorized access, threats, vulnerabilities.

1. INTRODUCTION

Technology is developing rapidly, with ever more functions and conveniences, and concern about its security is growing with it, especially for systems that store a lot of information. Continuing infrastructure advances and complex systems are not free from potential security vulnerabilities in system configuration and functionality.[1] Increasingly widespread data leaks, especially leakage of information to unauthorized parties, are very detrimental to system owners and to the users whose data is involved.[2] Knowledge about hacking and cracking is increasingly accessible in cyberspace, and many cybercriminals emerge to carry out infiltration or attacks. The attacks are carried out massively and continuously, which makes them difficult for the administrator to monitor manually in real time, while these attacks can occur at any time.[3] Attacks that often occur include brute force login, a spontaneous activity carried out automatically with tools that search for all possible valid usernames and passwords.[4] This work develops previous research by preventing brute force attacks. Attack logs are sent to the database. Notifications are then sent via the Telegram platform to stop attacks and to simplify the classification and analysis process, producing output that is easy for administrators to read if there is an attack on the server, so that administrators can respond to attacks on the server.[5]

Research by Arif Rahman et al. analyzes notification systems built using Snort as a NIDS with WhatsApp and Telegram as notification platforms.[6] Furthermore, research by Budi Wibowo et al. discusses smart homes with the Internet of Things being attacked, with attack notifications then provided via Telegram. This research introduces a Telegram-based notification system as a method to provide real-time alerts when brute force activity is detected on a web server. This provides an advantage over traditional methods that may not provide instant notifications or that use less efficient notification systems.[7] By using Telegram, the system allows administrators to respond quickly to brute force attacks. Alerts sent via Telegram can be received instantly on mobile devices, allowing for a faster response compared to other notification methods that may require logging into a security system or monitoring a dashboard.[8]

Given the problems above, what is needed is a system that carries out prevention automatically and helps the work of system administrators: one that can be accessed remotely, can detect attacks automatically, and can provide analysis or report results on attacks. Therefore, this study aims to minimize the threat of cyber-attacks from internal or external parties by blocking access to servers, with real-time notifications via the social media platform Telegram, and by banning any IP that attempts to log in too many times or performs other unwanted actions within a timeframe set by the administrator.[9] Brute force attacks involve systematically attempting numerous combinations of usernames and passwords to gain unauthorized access to a web server.[10][11] The increasing sophistication and automation of these attacks necessitate robust detection and response mechanisms. This paper focuses on integrating Telegram notifications for real-time alerting to enhance the response to brute force attacks.[12]

2. RESEARCH METHOD

This research shows that Telegram-based notification systems offer advantages in speed and ease of access compared to previous methods that may rely on email notifications or web-based monitoring systems. While emails may be delayed or caught in spam filters, Telegram notifications are faster and are received immediately on mobile devices.[10] This research provides empirical data showing that Telegram notification systems are more effective in improving responses to brute force attacks than other, less real-time notification methods. Previous studies have shown various detection methods for brute force attacks, but not many have integrated real-time notification systems such as Telegram. This research aims to fill this gap by analyzing the effectiveness of Telegram notifications in improving responses to brute force attacks.[13]

The first step in this method is to identify suitable research methods: the researcher lists and collects data from various sources to determine the prevention methods needed to prevent brute force attacks.[14] Second, the literature study stage is conducted, which involves collecting the theoretical basis that supports the research. The literature used includes journals, articles, and books related to brute force attacks. In the third stage, the researcher selects the method to be used.[6][10][15] In this stage, the parameters to prevent brute force attacks are determined, using an Intrusion Prevention System (IPS) method that works based on predefined parameters.[11] The researcher configured the system so that if an attacker tries to log into the SSH session three times, the system will block the IP address.[16] The next step was to build the research environment with all the software components required in this research. The final stage of the process was testing and data collection, where researchers tested a three-stage system. In the first stage, the target was attacked without the protection of the Fail2ban security system. In the next stage, the attack was carried out with Fail2ban enabled, which would block the attack and display a log of the IPs that had been blocked.

Figure 1 represents each step in the research methodology and shows the progression from identifying methods to the final testing and data collection stages.

The method used in this study is a research and development approach [11]. The methodology used in this study includes:

Literature Study

At this stage, data is collected on the threat of brute force attacks.

Stage of Analysis

At this stage, the researcher conducted an analysis related to tools and work processes.

Stage of Test

In this process, a brute-force attack simulation is carried out against predetermined targets on which Fail2ban has not been implemented. Fail2ban works by automating firewall configurations on the server, and when functioning, Fail2ban takes over the firewall function on the server side.[12]

Implementation and Configuration

This stage implements Fail2ban and integrates notifications via Telegram as information about brute-force attacks on the server side.[13]

Figure 2. The following is the process done in building this system


The ability to break down complex problems or information into smaller, more understandable parts is called analysis. In addition to the tools and equipment needed for their research, researchers also use security measures such as scanning and blocking attackers' IP addresses to protect their servers from attempts to steal or tamper with data by irresponsible parties.

Figure 3. Attacker tries to carry out an attack

The research process requires several stages to build an IDS system whose result takes the form of notifications that reach the administrator through Telegram. The following is the process done in building this system, as listed in Figure 1 below.

3. RESULT AND DISCUSSION

The result of this investigation is a notification of brute force attack activity that was successfully recognized by the server with Fail2ban installed, in accordance with the specified rules. A network security monitoring notification system requires a fast response time so that administrators receive notifications quickly. This is necessary so that administrators know what steps need to be taken to prevent the attacks that occur. If an attack is dangerous, further action is needed to prevent major damage to the server. The research process requires several stages to build an IDS system, the results of which are communicated to the administrator via Telegram.

Figure 3. Brute force attack notification

Based on the test results, the Fail2ban IDS software proved effective in detecting attacks that enter the server, blocking the attack source IP, and informing administrators about the attack via the Telegram application. Table 1 shows the basic configuration of the Fail2ban server design for preventive measures on the network segment 192.168.153.x. The Fail2ban configuration is done by creating a copy of jail.conf (cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local) and then creating the blocking (ban) rules.

Table 1. Fail2ban configuration: ban rules

ignoreip = 127.0.0.1/8 192.168.153.10
bantime = 3600
findtime = 120
maxretry = 3
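
An added example, not part of the paper and not Fail2ban's own code: a simplified Python model of how the Table 1 values interact, run over constructed sshd log lines. The log format, the host name "web" and the client addresses are assumptions; the model also reports the delay between the first counted failure and the ban.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from Table 1.
IGNOREIP = ["127.0.0.1/8", "192.168.153.10"]
BANTIME, FINDTIME, MAXRETRY = 3600, 120, 3

# Constructed sample: ISO-timestamped sshd lines from a hypothetical host "web".
SAMPLE_LOG = """\
2024-10-06T10:00:00 web sshd[901]: Failed password for root from 192.168.153.30 port 40100 ssh2
2024-10-06T10:00:01 web sshd[902]: Failed password for root from 192.168.153.20 port 50122 ssh2
2024-10-06T10:00:02 web sshd[903]: Failed password for admin from 192.168.153.10 port 41000 ssh2
2024-10-06T10:00:03 web sshd[904]: Failed password for invalid user test from 192.168.153.20 port 50124 ssh2
2024-10-06T10:00:04 web sshd[905]: Failed password for admin from 192.168.153.10 port 41002 ssh2
2024-10-06T10:00:05 web sshd[906]: Failed password for root from 192.168.153.20 port 50126 ssh2
2024-10-06T10:00:06 web sshd[907]: Failed password for admin from 192.168.153.10 port 41004 ssh2
2024-10-06T10:00:07 web sshd[908]: Failed password for root from 192.168.153.20 port 50128 ssh2
2024-10-06T10:00:09 web sshd[909]: Accepted password for admin from 192.168.153.10 port 41006 ssh2
2024-10-06T10:01:30 web sshd[910]: Failed password for root from 192.168.153.30 port 40102 ssh2
2024-10-06T10:03:00 web sshd[911]: Failed password for root from 192.168.153.30 port 40104 ssh2
"""

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")


def is_ignored(ip):
    """True if ip falls inside any ignoreip entry (single address or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in IGNOREIP)


def simulate(log_text):
    """Return one record per ban that the Table 1 thresholds would trigger."""
    recent = defaultdict(deque)   # ip -> failure times still inside findtime
    banned_until = {}             # ip -> time the ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are not failures
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if is_ignored(ip):
            continue              # whitelisted hosts are never counted
        if ts < banned_until.get(ip, ts):
            continue              # already banned; the firewall would drop this attempt
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()      # failures older than findtime no longer count
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + timedelta(seconds=BANTIME)
            bans.append({"ip": ip, "banned_at": ts, "unban_at": banned_until[ip],
                         "detect_delay_s": (ts - window[0]).total_seconds()})
            window.clear()
    return bans


if __name__ == "__main__":
    for ban in simulate(SAMPLE_LOG):
        print(ban)
```

Only 192.168.153.20 is banned: 192.168.153.10 is covered by ignoreip, and the three failures from 192.168.153.30 are spread over 180 seconds, so no more than two ever fall inside one 120-second findtime window.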

Figure 4. Directory attack on web server with 200 code response condition

From the attacker's side, two directories with response code 200 were detected, whose data is represented. The attack log on port 80 of the web server from the attacker's side is also included. Analysis of the Wazuh SIEM data acquisition shows the standard deviation value of the attack. In the attack, the tools used tried to guess directories for 12,361 hits in one attack detected by Wazuh. The attacker in the experiment then scans with a directory search restricted to status code 200, which means that the directory is valid in the web server's directory location. With the command dirsearch -u (target ip) --include-status=200, only directories with a 200 response code are displayed on the attacker's terminal.

During testing, Fail2ban successfully detected brute force attacks against SSH services with a high degree of accuracy. The tool effectively recognizes suspicious login attempt patterns and sends notifications to system administrators. Whenever a brute force attack is detected, it automatically takes response actions according to the predefined configuration. These responses include blocking the source IP address, providing security alerts, and logging the event for further auditing. Based on test data, it was able to recognize more than 95% of brute force attacks on the monitored services. This demonstrates the system's reliability and quick response rate in the face of evolving security threats. Replace [IP_Address_Server] with the IP address of the targeted Wazuh server.

Use the following command to run a brute force attack:

#hydra -L username.txt -P password.txt ssh://[IP_Address_Server]

The responsiveness of the IDS system is calculated from the length of time the system takes to detect an attack until it successfully sends a notification to the administrator. The results of the responsiveness tests are used to measure how effective the IDS system is and how effective Telegram is as a medium for delivering intrusion notifications. The detection time is calculated as the average of the difference between the time the attack starts and the time the attack is detected by the IDS system. The notification time is obtained from the difference between the time the attack was detected and the time the notification reached the administrator via the Telegram bot. Integration with Telegram allows administrators to receive real-time notifications, so they can act faster. The Fail2ban implementation integrated with Telegram notifications proved effective in improving server security. The system is not only able to detect and block attacks, but also ensures that administrators are immediately notified of threats. This integration is recommended for organizations that want to improve responsiveness in dealing with security threats.

A network administrator is responsible for network traffic on the server, so it is mandatory to monitor and maintain the security of the server network so that it runs safely without interruption. Judging from the problems found, development is needed in the part that records activities, or logs, that detect attacks on the server. If attack activity occurs and is detected, a warning message appears in the running Telegram client. Telegram is used because it can run on various devices, so the server's network administrator can use any device on which Telegram can be installed to get a warning message in the event of an attack. It also has a Bot feature that can be used for information automation, which makes it easier for the people who use it. The focus of this development is the integration that detects attacks and reports them in the form of warning messages sent to the Telegram Bot by Fail2ban. So, it can be concluded that the purpose of this research is to meet the needs of the server's network administrator in maintaining the network security system on the server by securing it with the Fail2ban configuration to detect an attack and send a warning message to the Telegram Bot.

4. CONCLUSION

In addition, trials on other types of crops

Brute force attacks pose a considerable risk to web servers, with potential for severe consequences. Implementing strong preventive measures, continuous monitoring, and utilizing Telegram notifications for real-time alerts significantly enhances an organization’s security posture. These combined efforts ensure robust detection and responsive capabilities against brute force attacks. Fail2ban can quickly find the IP address from which the attacker performs a brute force attack and take preventive action by blocking the attacker's IP due to 3 failed login attempts within a certain time, with a time limit of 3600 seconds.

5. REFERENCES

[1] D. Y. Kao, E. C. Chang, and F. C. Tsai, “Extracting Suspicious IP Addresses from WhatsApp Network Traffic in Cybercrime Investigations,” Int. Conf. Adv. Commun. Technol. ICACT, vol. 2019-Febru, no. 1, pp. 1108–1115, 2019, doi: 10.23919/ICACT.2019.8701941.

[2] Z. T. Sworna, Z. Mousavi, and M. A. Babar, “NLP methods in host-based intrusion detection systems: A systematic review and future directions,” J. Netw. Comput. Appl., vol. 220, no. November 2022, p. 103761, 2023, doi: 10.1016/j.jnca.2023.103761.

[3] K. Razikin and B. Soewito, “Cybersecurity decision support model to designing information technology security system based on risk analysis and cybersecurity framework,” Egypt. Informatics J., vol. 23, no. 3, pp. 383–404, 2022, doi: 10.1016/j.eij.2022.03.001.

[4] R. Ramadhan, J. Latuny, and S. J. Litiloly, “Perancangan Pengamanan Server Apache Menggunakan Firewall Iptables Dan Fail2Ban,” vol. 0, no. 0, pp. 9–15, 2022.

[5] K. A. Prasetyo, M. Idhom, and H. E. Wahanani, “Pada Multiple Server Dengan Menggunakan,” vol. 1, no. 3, pp. 789–796, 2020.

[6] Syaifuddin, D. Risqiwati, and E. A. Irawan, “Realtime Pencegahan Serangan Brute Force dan DDOS Pada Ubuntu Server,” Techno.Com, vol. 17, no. 4, pp. 347–354, 2018, doi: 10.33633/tc.v17i4.1766.

[7] A. R. Hakim, J. Rinaldi, and M. Y. B. Setiadji, “Design and Implementation of NIDS Notification System Using WhatsApp and Telegram,” 2020 8th Int. Conf. Inf. Commun. Technol. ICoICT 2020, pp. 3–6, 2020, doi: 10.1109/ICoICT49345.2020.9166228.

[8] B. Wibowo, “Smart Home Security Analysis Using Arduino Based Virtual Private Network”.

[9] M. Sulthan, A. Rahmatullah, A. Muhandhatul Nabila, S. S. Dewi, V. Datry, and F. A. Azaruddin, “Implementasi SIEM dan IDS Dalam Monitoring Terhadap Ancaman Serangan Pada WEB Server,” vol. 2, no. 1, pp. 130–137, 2024, [Online]. Available: https://doi.org/10.59841/saber.v2i1.666

[10] D. Kusuma, U. Darussalam, and D. Hidayatullah, “Implementasi Monitoring Jaringan Melalui Aplikasi Sosial Media Telegram Dengan Snort,” J I M P - J. Inform. Merdeka Pasuruan, vol. 5, no. 1, pp. 6–9, 2020, doi: 10.37438/jimp.v5i1.242.

[11] T. Hidayat, “Internet of Things Smart Agriculture on ZigBee: A Systematic Review,” J. Telekomun. dan Komput., vol. 8, no. 1, p. 75, 2017, doi: 10.22441/incomtech.v8i1.2146.

[12] A. T. Zy, A. R. Widya, and D. Taryana, “Analisa Keamananan Server Iot,” no. September, 2019.

[13] Stefan Stanković, Slavko Gajin, and Ranko Petrović, “A Review of Wazuh Tool Capabilities for Detecting Attacks Based on Log Analysis,” IX Int. Conf. IcETRAN, vol. IX, no. june, pp. 6–9, 2022.

[14] A. Yuswanto and B. Wibowo, “a Systematic Review Method for Security Analysis of Internet of Things on Honeypot Detection,” Teknokom, vol. 4, no. 1, pp. 16–20, 2021, doi: 10.31943/teknokom.v4i1.54.

[15] M. B. Khan, “Advanced Persistent Threat: Detection and Defence,” 2020, [Online]. Available: http://arxiv.org/abs/2004.10690

[16] H. Wang, H. He, W. Zhang, W. Liu, P. Liu, and A. Javadpour, “Using honeypots to model botnet attacks on the internet of medical things,” Comput. Electr. Eng., vol. 102, no. January, p. 108212, 2022, doi: 10.1016/j.compeleceng.2022.108212.

Jurnal Komputer dan Elektro Sains, Vol.1 No.1, March 20xx, 1-3

VOLUME 19(3), 2020

https://ejournal.sultanpublisher.com/index.php/komets

Received: MM-22, yyyy, Accepted: MM-dd, yyyy, Publication: MM-dd, yyyy

E-ISSN: 3021-8462, DOI: https://doi.org/10.58291/komets.v1i1.xx
Sources

1. https://encryptcentral.com/what-is-a-brute-force-attack-and-how-can-i-protect-against-it/ (INTERNET, 3%)
2. https://jurnal.unimed.ac.id/2012/index.php/cess/article/view/40259 (INTERNET, 1%)
3. https://www.mdpi.com/2624-800X/1/4/32 (INTERNET, 1%)
4. https://s2.ist.psu.edu/pub-liu-group.html (INTERNET, 1%)
5. https://www.researchgate.net/publication/339170304_Smart_Home_Security_Analysis_Using_Arduino_Based_Virtual_Private_Network (INTERNET, 1%)
6. https://etran.rs/2022/zbornik/ICETRAN-22_radovi/068-RTI2.6.pdf (INTERNET, 1%)
7. https://arxiv.org/abs/2201.08066 (INTERNET, <1%)
8. https://sinta.kemdikbud.go.id/authors/profile/5999025/?view=googlescholar (INTERNET, <1%)
9. https://hackblue.org/pages/using_hydra_for_brute_force_at.html (INTERNET, <1%)
10. https://ieeexplore.ieee.org/document/9166228 (INTERNET, <1%)
11. https://www.researchgate.net/profile/Taufik-Hidayat-6/publication/341434003_Internet_of_Things_Smart_Agriculture_on_ZigBee_A_Systematic_Review/links/5ec0d1e3299bf1c09ac0f3d0/Internet-of-Things-Smart-Agriculture-on-ZigBee-A-Systematic-Review.pdf (INTERNET, <1%)
12. https://www.researchgate.net/publication/373373144_Sistem_Monitoring_Pemakaian_Energi_Listrik_Pada_Kamar_Kost_Menggunakan_Aplikasi_Blynk_Berbasis_Internet_of_Things/fulltext/64e8a0a60453074fbdb18a38/Sistem-Monitoring-Pemakaian-Energi-Listrik-Pada-Kamar-Kost-Menggunakan-Aplikasi-Blynk-Berbasis-Internet-of-Things.pdf (INTERNET, <1%)
13. https://quizlet.com/323543465/methods-of-research-chap-1-flash-cards/ (INTERNET, <1%)
14. https://en.wikipedia.org/wiki/Transmission_time (INTERNET, <1%)
15. https://guard911.com/the-difference-between-active-shooter-notification-time-response-time/ (INTERNET, <1%)
16. https://scholar.google.com/citations?user=GENwZFQAAAAJ (INTERNET, <1%)

EXCLUDE CUSTOM MATCHES ON

EXCLUDE QUOTES OFF

EXCLUDE BIBLIOGRAPHY OFF
