Dear all, I have written an article on how to block crackers using denyhosts. Here is an excerpt: The Internet is a cruel world. Any server owner who is always connected to the internet knows this. Crackers are always trying to hack into our servers day and night, 24 hours, 365 days non-stop. How do we secure our server? There are many ways to do it; one of them is using denyhosts. With it, we can block those crackers after a certain number of failed login attempts.
The article can be found at: http://linux2.arinet.org/index.php?option=com_content&task=view&id=1...
Knowledge belongs to everyone,
Am Do, den 30.03.2006 schrieb Fajar Priyanto um 16:43:
The article can be found at: http://linux2.arinet.org/index.php?option=com_content&task=view&id=1...
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
Not a comment about the content but the design: you should rethink about the colors you use. Writing an article normally means you expect and hope for readers. I must confess that I really quick give up on pages like that with black background and a grey to dark-grey font color. It simply stresses my eyes much too much. All this Courier new part is simply unreadable by me.
My 2¢
Regards
Alexander
Alexander Dalloz wrote:
Am Do, den 30.03.2006 schrieb Fajar Priyanto um 16:43:
The article can be found at: http://linux2.arinet.org/index.php?option=com_content&task=view&id=1...
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
Not a comment about the content but the design: you should rethink about the colors you use. Writing an article normally means you expect and hope for readers. I must confess that I really quick give up on pages like that with black background and a grey to dark-grey font color. It simply stresses my eyes much too much. All this Courier new part is simply unreadable by me.
I find this quite often too. However, if the content looks sufficiently interesting, it's worth trying setting the "Page Style" to "No Style" in Firefox under the "View" menu, which gets rid of the css that the site has used to make their content unreadable :-)
Paul.
Am Do, den 30.03.2006 schrieb Paul Howarth um 17:08:
I find this quite often too. However, if the content looks sufficiently interesting, it's worth trying setting the "Page Style" to "No Style" in Firefox under the "View" menu, which gets rid of the css that the site has used to make their content unreadable :-)
Paul.
Nice tip, thanks Paul - it helps a lot for this kind of design :)
Alexander
On Thu, 30 Mar 2006 17:13:04 +0200, Alexander Dalloz wrote:
Am Do, den 30.03.2006 schrieb Paul Howarth um 17:08:
I find this quite often too. However, if the content looks sufficiently interesting, it's worth trying setting the "Page Style" to "No Style" in Firefox under the "View" menu, which gets rid of the css that the site has used to make their content unreadable :-)
Paul.
Nice tip, thanks Paul - it helps a lot for this kind of design :)
Alexander
Here's a tip you may or may not find useful. If you set your default browser to be Dillo, and it hits such a display, you can either copy the URL from Dillo (faster and more easily for the most part than from gmane or an email) into another open browser -- or look at a thread dated 1/13 & 14/2006 and called "Current color control??" on gmane.comp.web.dillo.devel; there's a suggestion there from Jorge Arellano Cid which was way beyond me but may appeal to Alexander and others at his level.
I find this quite often too. However, if the content looks sufficiently interesting, it's worth trying setting the "Page Style" to "No Style" in Firefox under the "View" menu, which gets rid of the css that the site has used to make their content unreadable :-)
Way cool Paul! Thanks 4 this!
S~
On Thursday 30 March 2006 10:13 pm, Stuart M Smith wrote:
I find this quite often too. However, if the content looks sufficiently interesting, it's worth trying setting the "Page Style" to "No Style" in Firefox under the "View" menu, which gets rid of the css that the site has used to make their content unreadable :-)
Way cool Paul! Thanks 4 this!
Wow, I didn't know that trick too. Thanks, I'll include it in the next article.
On Thursday 30 March 2006 16:08, Paul Howarth wrote:
Alexander Dalloz wrote:
Am Do, den 30.03.2006 schrieb Fajar Priyanto um 16:43:
The article can be found at: http://linux2.arinet.org/index.php?option=com_content&task=view&id=1... temid=2
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
Not a comment about the content but the design: you should rethink about the colors you use. Writing an article normally means you expect and hope for readers. I must confess that I really quick give up on pages like that with black background and a grey to dark-grey font color. It simply stresses my eyes much too much. All this Courier new part is simply unreadable by me.
I find this quite often too. However, if the content looks sufficiently interesting, it's worth trying setting the "Page Style" to "No Style" in Firefox under the "View" menu, which gets rid of the css that the site has used to make their content unreadable :-)
Actually, I didn't find Fajar's page too bad, but there are some really awful ones - pink or pale orange on a light grey background - my ISP is one offender. Maybe with this tip I'll actually be able to read what they say ;-)
Anne
From: "Anne Wilson" cannewilson@tiscali.co.uk
Maybe with this tip I'll actually be able to read what they say
A simpler trick is to drag select the whole page. The selected colors are usually easier to read.
{^_-}
On Thursday 30 March 2006 22:45, jdow wrote:
From: "Anne Wilson" cannewilson@tiscali.co.uk
Maybe with this tip I'll actually be able to read what they say
A simpler trick is to drag select the whole page. The selected colors are usually easier to read.
I've done that before today ;-)
Anne
On Thu, 2006-03-30 at 13:45 -0800, jdow wrote:
From: "Anne Wilson" cannewilson@tiscali.co.uk
Maybe with this tip I'll actually be able to read what they say
A simpler trick is to drag select the whole page. The selected colors are usually easier to read.
That helps when the problem is contrast but not when the text is too small to read. The text size can be changed using Ctrl+ and Ctrl- though.
Paul.
On Thu, 2006-03-30 at 16:59 +0200, Alexander Dalloz wrote:
Not a comment about the content but the design: you should rethink about the colors you use. Writing an article normally means you expect and hope for readers. I must confess that I really quick give up on pages like that with black background and a grey to dark-grey font color. It simply stresses my eyes much too much. All this Courier new part is simply unreadable by me.
In general I agree, but that site's particular colours (greys) weren't too bad. If you found it hard to read, it suggests that your monitor isn't set up very well.
On 3/30/06, Tim ignored_mailbox@yahoo.com.au wrote:
On Thu, 2006-03-30 at 16:59 +0200, Alexander Dalloz wrote:
Not a comment about the content but the design: you should rethink about the colors you use. Writing an article normally means you expect and hope for readers. I must confess that I really quick give up on pages like that with black background and a grey to dark-grey font color. It simply stresses my eyes much too much. All this Courier new part is simply unreadable by me.
In general I agree, but that site's particular colours (greys) weren't too bad. If you found it hard to read, it suggests that your monitor isn't set up very well.
or he could be like me where the eyesight isn't what it used to be and contrast becomes a major factor in reading. I figured it out the hard way when I couldn't read some small light blue print on light wood type color.
-- Leonard Isham, CISSP Ostendo non ostento.
Tim wrote:
On Thu, 2006-03-30 at 16:59 +0200, Alexander Dalloz wrote:
In general I agree, but that site's particular colours (greys) weren't too bad. If you found it hard to read, it suggests that your monitor isn't set up very well.
It also could be some LCD monitors are just so crappy that no matter how you adjust them, you cannot get any decent contrast range. This is why I went back to a CRT monitor. I am happy again. :)
I have a few comments about the article. (I package denyhosts for Fedora Extras.)
You install it via yum, and at that point it is actually configured. A proper config file is already in /etc/denyhosts.cfg, although you can of course tweak it. And there's no need to copy anything into /etc/init.d, because it's already set up.
So the procedure is just:
yum install denyhosts
(edit /etc/denyhosts.cfg to your liking)
chkconfig denyhosts on
service denyhosts start
If you prefer to run denyhosts from cron instead of as a daemon, you can edit /etc/sysconfig/denyhosts and follow the instructions there. Other info related to the Fedora package is in /usr/share/doc/denyhosts*/README.fedora
- J<
On Thursday 30 March 2006 10:56 pm, Jason L Tibbitts III wrote:
I have a few comments about the article. (I package denyhosts for Fedora Extras.)
You install it via yum, and at that point it is actually configured. A proper config file is already in /etc/denyhosts.cfg, although you can of course tweak it. And there's no need to copy anything into /etc/init.d, because it's already set up.
So the procedure is just:
yum install denyhosts
(edit /etc/denyhosts.cfg to your liking)
chkconfig denyhosts on
service denyhosts start
If you prefer to run denyhosts from cron instead of as a daemon, you can edit /etc/sysconfig/denyhosts and follow the instructions there. Other info related to the Fedora package is in /usr/share/doc/denyhosts*/README.fedora
Thanks Jason for the correction. But, strange, I don't have /etc/denyhosts.cfg.
rpm -qa | grep denyhosts
denyhosts-2.2-1.2.fc4.rf
Also the initscript is not installed too. That's why I set it up manually then.
Fajar Priyanto wrote:
On Thursday 30 March 2006 10:56 pm, Jason L Tibbitts III wrote:
I have a few comments about the article. (I package denyhosts for Fedora Extras.)
You install it via yum, and at that point it is actually configured. A proper config file is already in /etc/denyhosts.cfg, although you can of course tweak it. And there's no need to copy anything into /etc/init.d, because it's already set up.
So the procedure is just:
yum install denyhosts
(edit /etc/denyhosts.cfg to your liking)
chkconfig denyhosts on
service denyhosts start
If you prefer to run denyhosts from cron instead of as a daemon, you can edit /etc/sysconfig/denyhosts and follow the instructions there. Other info related to the Fedora package is in /usr/share/doc/denyhosts*/README.fedora
Thanks Jason for the correction. But, strange, I don't have /etc/denyhosts.cfg.
rpm -qa | grep denyhosts
denyhosts-2.2-1.2.fc4.rf
Also the initscript is not installed too. That's why I set it up manually then.
That'll be because you've got the rpmforge version of the package rather than the Fedora Extras one.
Paul.
On Thursday 30 March 2006 11:24 pm, Paul Howarth wrote:
rpm -qa | grep denyhosts
denyhosts-2.2-1.2.fc4.rf
Also the initscript is not installed too. That's why I set it up manually then.
That'll be because you've got the rpmforge version of the package rather than the Fedora Extras one.
Ohhh! No wonder there were two packages when I did yum search denyhosts, and apparently when I used the yum install denyhosts, yum downloaded the rpmforge one.
denyhosts.noarch 2.2-1.2.fc4.rf dries
denyhosts.noarch 2.0-1.fc4 extras
But, why did yum choose the rpmforge? Is it the version?
"FP" == Fajar Priyanto fajarpri@cbn.net.id writes:
FP> But, why did yum choose the rpmforge? Is it the version?
It must be. But your mirror is also out of date; 2.1 has been in Extras for over a month, FC5 has had 2.2 since its release and now that CVS is working again the other releases will have it tomorrow.
The bottom line is that it's not a good idea to enable both Extras and rpmforge repos.
- J<
From: "Fajar Priyanto" fajarpri@cbn.net.id
On Thursday 30 March 2006 11:24 pm, Paul Howarth wrote:
rpm -qa | grep denyhosts
denyhosts-2.2-1.2.fc4.rf
Also the initscript is not installed too. That's why I set it up manually then.
That'll be because you've got the rpmforge version of the package rather than the Fedora Extras one.
Ohhh! No wonder there were two packages when I did yum search denyhosts, and apparently when I used the yum install denyhosts, yum downloaded the rpmforge one.
denyhosts.noarch 2.2-1.2.fc4.rf dries
denyhosts.noarch 2.0-1.fc4 extras
But, why did yum choose the rpmforge? Is it the version?
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
For those using REAL IPTables instead of one of the silly ShoreWall type futilities:
===8<---
# Then setup the ssh reject trap.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
    --rcheck --seconds 120 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
    --rcheck --seconds 120 --hitcount 3 -j REJECT --reject-with tcp-reset
===8<---
With the values present a given site gets three tries within a 120 second interval. Once that is exceeded it is locked out until the retry count drops below 3 in 2 minutes. This means ALL attacks get blocked. It also means that if you screw up your password three times you can still get in if you wait a little bit.
I tend to review the logs which show the failed login attempts. If I find an address in a part of the world where I am VERY unlikely to find myself I simply add that whole Asian IP block to a reject rule. But really, at 30 seconds per try how long do you think it would take to guess a user password of "abcdefgh" when the user name is not known, either?
{^_-}
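The window behaviour of the three rules above, modelled in Python as an added example (not part of the original post and not iptables code); the class and function names and the sample traffic are constructed for illustration. It models the rules as written: `--set` records every SYN before `--rcheck` counts, so the SYN being evaluated is included in the hit count, and SYNs rejected during a lockout are recorded as well.

```python
from collections import defaultdict, deque

SECONDS = 120   # --seconds 120
HITCOUNT = 3    # --hitcount 3


class SshAttackList:
    """Simplified model of the 'sshattack' list kept by the recent match."""

    def __init__(self):
        self.stamps = defaultdict(deque)    # source address -> SYN timestamps

    def syn(self, src, now):
        """Apply the three rules to one SYN for port 22 arriving at `now` (s)."""
        q = self.stamps[src]
        q.append(now)                       # rule 1: --set records every SYN
        while q and now - q[0] >= SECONDS:  # hits older than the window no
            q.popleft()                     # longer count towards --hitcount
        if len(q) >= HITCOUNT:              # rules 2 and 3: --rcheck matches,
            return "REJECT"                 # so the SYN is logged and reset
        return "PASS"                       # falls through to later rules


def replay(events):
    """events: (time_s, src) pairs in time order; returns one verdict per SYN."""
    table = SshAttackList()
    return [(t, src, table.syn(src, t)) for t, src in events]


# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE = [
    (0, "192.0.2.10"), (10, "192.0.2.10"),
    (15, "198.51.100.7"),   # a second source has its own counter
    (20, "192.0.2.10"),     # third SYN inside 120 s: hit count reaches 3
    (30, "192.0.2.10"),     # retry during the lockout is recorded too
    (160, "192.0.2.10"),    # earlier hits have aged out of the window
    (170, "192.0.2.10"), (180, "192.0.2.10"),
]

if __name__ == "__main__":
    for t, src, verdict in replay(SAMPLE):
        print(f"t={t:>3}s  {src:<13} {verdict}")
```

Exact boundary handling at 120 seconds differs between kernel versions, so the sample avoids hits that fall exactly on the window edge.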
"FP" == Fajar Priyanto fajarpri@cbn.net.id writes:
FP> rpm -qa | grep denyhosts
FP> denyhosts-2.2-1.2.fc4.rf
That comes from rpmforge, not extras. It's too bad for the users that they choose to ship conflicting packages (and broken ones as well).
I wager that most users will have the Extras repo configured, especially since it is on by default. The Extras package is preconfigured.
- J<
On Thu, 2006-30-03 at 09:56 -0600, Jason L Tibbitts III wrote:
I have a few comments about the article. (I package denyhosts for Fedora Extras.)
You install it via yum, and at that point it is actually configured. A proper config file is already in /etc/denyhosts.cfg, although you can of course tweak it. And there's no need to copy anything into /etc/init.d, because it's already set up.
So the procedure is just:
yum install denyhosts
(edit /etc/denyhosts.cfg to your liking)
chkconfig denyhosts on
service denyhosts start
If you prefer to run denyhosts from cron instead of as a daemon, you can edit /etc/sysconfig/denyhosts and follow the instructions there. Other info related to the Fedora package is in /usr/share/doc/denyhosts*/README.fedora
Another quick trick that helps is to add a line to the bottom of /etc/ssh/sshd_config:
AllowGroups staff
Assign only users allowed to use ssh to group staff. This makes any user not in group staff appear to have an invalid password whether or not it is. Of course you can use any group you want, this just happens to be the one I use to allow ssh on my servers. The other part is ensuring all users in group staff have _*GOOD*_ passwords.
I believe you can also disable ssh-agent and manually assign the public keys to .ssh/known_hosts. I don't use this anymore; it was a PITA.
On Thu, 30 Mar 2006 09:56:11 -0600, Jason L Tibbitts III wrote:
I have a few comments about the article. (I package denyhosts for Fedora Extras.)
You install it via yum, and at that point it is actually configured. A proper config file is already in /etc/denyhosts.cfg, although you can of course tweak it. [....]
When I tried that under FC4, cat denied that it existed; but after much frustration, I *think* /etc/denyhosts.conf -- .conf, not .cfg -- is what is really meant? Right? Or do I have some odd aberration?
"b" == beartooth beartooth@adelphia.net writes:
b> When I tried that under FC4, cat denied that it existed; but after
b> much frustration, I *think* /etc/denyhosts.conf -- .conf, not .cfg
b> -- is what is really meant? Right? Or do I have some odd
b> aberration?
Sorry, it's denyhosts.conf.
- J<