Security basics

Tom Rivers tom at impact-crater.com
Thu Oct 4 15:05:26 UTC 2007


On Thu, 2007-10-04 at 10:12 -0400, Jacques B. wrote:
> I had SSH activated for a while on a box because I needed remote
> access to administer the web server (I was hosting a pretty basic site
> for some elementary school kids - kid friendly links).  I wrote a
> couple of scripts to carve out offending traffic in my logs and tag a
> standard paragraph to it advising the IP owner of malicious traffic
> originating from their network.  Some responded (most did) thanking me
> for advising them and stating that they would look into it.  Usually
> another infected machine as was pointed out in this thread.  Much like
> if someone was able to compromise your box and then use it to initiate
> attacks against other systems.  Your ISP would come to you telling you
> that they will take you off the grid until you correct the problem.
> 
> Jacques B.
> 

As an aside, I use fail2ban which allows me to set a threshold for
failed SSH access (and thresholds for other services as well).  Once the
threshold has been reached, the firewall is reconfigured to deny access
for as long as you'd like.  It allowed me leave keep my SSH port for
those applications that can't switch to another port and stopped every
brute force attack at the same time.

http://www.fail2ban.org/wiki/index.php/Main_Page

You can install it with yum too:  yum install fail2ban


Tom




More information about the users mailing list