hack attempt on my server...What do you do about this?

David Cary Hart Fedora at TQMcube.com
Sat Jul 17 19:52:55 UTC 2004


On Sat, 2004-07-17 at 15:40, Jonathan T. Steadman wrote:
> Sorry this is yet another lame question, but I am new to hosting web
> server etc. just kinda experimenting actually found in my logs I came
> across some garbage (it's at the bottom of this email) what do you do
> about this?  Just let it be? Inform ISP?  Wait and see if it is more
> continuous?  Don't know the proper thing to do I guess just making sure
> with you guys.
> 
The first line of defense is usually an IPTables firewall. To help you
get started, you might consider downloading webmin which creates a nice
browser-based interface to configuration. Yes, others will suggest that
this stifles the learning curve but protecting the machine is more
important IMO.

As a general rule of thumb, close off every port except those that you
absolutely need. In this case, do you really need external ssh access?

In general just set the default input policy to Drop and then create
rules for ports that you want access to. The last line is usually a LOG
entry so that you get a print of what you are rejecting. Our small 
network rejects about 3,000 connections per hour.

Once you get that done, you might want to take a look at a package
called psad which creates alerts.




