On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
Ray Leventhal wrote:
James A. Peltier wrote:
Rudi Ahlers wrote:
Tim Alberts wrote:
So I set up ssh on a server so I could do some work from home and
I think the second I opened it every sorry monkey from around the
world has been trying every account name imaginable to get into
the system.
What's a good way to deal with this?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
1. Change the default port
2. Use only SSH protocol 2
3. Install some brute force protection which can automatically ban
an IP on say 5 / 10 failed login attempts
4. ONLY allow SSH access from your IP, if it's static. Or sign up
for a DynDNS account, and then only allow SSH access from your
DynDNS domain
Fail2Ban is a good brute force protector. It works in conjunction
with IPTables to block IPs that are attacking for a said duration
of time. :)
I haven't used Fail2Ban, but I do like what I've been experiencing
with apf[1] and sim[2]. The Reactive Address Blocking (RAB) feature
in apf is a big timesaver, but I expect Fail2Ban has something
similar. apf is basically an easier (for me, anyway) way of managing
iptables. Manually banning an IP or block is as easy as adding it to
the deny_hosts.rules file and restarting apf. RAB really helps, again
imo.
HTH,
-Ray
[1] http://rfxnetworks.com/apf.php
[2] http://rfxnetworks.com/sim.php
Here's a quick howto for Suse10.3, but the principles stay the same.
Fail2Ban can be used for many other things as well, like FTP, MySQL,
SMTP, etc :)
I don't see the how-to...
--
Cheers,
Trey
Adversity is the trial of principle.
Without it, a man hardly knows whether he is honest or not.
--Henry Fielding
Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux
2:21pm up 19:37, 5 users, load average: 0.68, 0.68, 0.65
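
Added example, not part of the thread and not Fail2Ban's own code: a sketch of the "ban an IP after N failed logins" idea from the list above, run over constructed sshd log lines. The names `maxretry` and `findtime` are borrowed from Fail2Ban's configuration; the host name, addresses and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at end of line so the address is taken from the tail sshd writes,
# not from the client-supplied user name earlier in the message.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port \d+ ssh2$"
)

def find_offenders(lines, maxretry=5, findtime=600, year=2008):
    """Return {ip: time of the failure that reached maxretry within findtime s}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m or m.group(2) in banned:
            continue  # not a failed login, or source already flagged
        # syslog timestamps carry no year, so one is assumed
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[m.group(2)]
        hits.append(when)
        while when - hits[0] > window:  # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[m.group(2)] = when
    return banned

# Constructed sample log (documentation addresses, made-up host name).
SAMPLE = (
    # fast guessing: six failures in 25 seconds
    [f"Mar 28 19:40:{s:02d} host1 sshd[2101]: Failed password for invalid user "
     f"test{s} from 203.0.113.7 port 40{s:03d} ssh2" for s in range(0, 30, 5)]
    # slow guessing: one failure every five minutes
    + [f"Mar 28 19:{m:02d}:00 host1 sshd[2102]: Failed password for root "
       f"from 198.51.100.9 port 51000 ssh2" for m in range(0, 25, 5)]
    # a legitimate user mistyping once
    + ["Mar 28 19:41:00 host1 sshd[2103]: Failed password for alice "
       "from 192.0.2.10 port 52000 ssh2",
       "Mar 28 19:41:09 host1 sshd[2103]: Accepted password for alice "
       "from 192.0.2.10 port 52000 ssh2"]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the limit at {when}")
```

With the defaults only the fast source is flagged; the slow one stays under five failures per ten minutes, which is why the threshold and window need tuning together.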