
Hacking attempts on server

tonygeor

Senior member
This is for members who have web hosting accounts. My server informs me whenever there's been an attempt to access root. I get about 8 emails a day of random IPs (mostly in China) trying to gain access. Is this typical?
 
The proper place to post this would be in the Security forum. You will get better responses than OT.
 
I'm surprised it's that low.

Things you can do to lower your risk

1) Change SSH ports
2) Disable ROOT logins via SSH
3) Require public/private keys + passphrase for login
4) Install fail2ban
5) Use port knocking
 
Lol that's very typical. When I ran FTP on my server I had thousands of hack attempts. Most were brute force things with default passwords and user names. I ended up setting up autobans when there were more than 5 attempts from the same IP and I still had hundreds of new IPs lol... All this was just for a private server hosted from a residential line lol. Now I just use Apache with no online config options for anything and no dynamic scripting lol. Do everything over VPN for security.
 
Right now the firewall seems to be doing a decent job from what I can tell. Once the IP tries to log in 5 times it is permanently blocked. Also if anyone ever gains root I get an email. I just think it's pretty messed up that there's all these groups scouring the internet just to find an open door.
 
Right now the firewall seems to be doing a decent job from what I can tell. Once the IP tries to log in 5 times it is permanently blocked. Also if anyone ever gains root I get an email. I just think it's pretty messed up that there's all these groups scouring the internet just to find an open door.

Set up VPN if you can. Take the server out of the DMZ and only forward the ports you need to access http/https/whatever the fuck else. Open SSH is a disaster imvao.
 
I'm surprised it's that low.

Things you can do to lower your risk

1) Change SSH ports
2) Disable ROOT logins via SSH
3) Require public/private keys + passphrase for login
4) Install fail2ban
5) Use port knocking

I wouldn't do #1. Security by obscurity is a bad habit to get into, in my opinion.

#2 sounds good.... /etc/ssh/sshd_config, PermitRootLogin no

#3 works well, but it could get annoying for you, especially if you log in from different machines a lot.

#4 is the best choice, in my opinion. There's an easier way to do it with iptables (Linux) or pf (FreeBSD) that makes fail2ban not needed... I can post the one line ruleset if you'd like.

#5 is good, too.
 
I joined in 2007, signed up for 4 years...deployed in 2009 as a Military Intelligence Analyst (same job as that Manning dumbass). Came back after a year and now I'll be getting out in 2 months...w00t!
 
#4 is the best choice, in my opinion. There's an easier way to do it with iptables (Linux) or pf (FreeBSD) that makes fail2ban not needed... I can post the one line ruleset if you'd like.

Lay it on me, though I think the firewall has been doing a good job. It's always good to learn something new 🙂
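
The thread's "block after 5 failed logins" rule, as an added example that is not part of any post above: a small Python log check that counts failed SSH password attempts per source IP and lists the addresses that reach the threshold. The log lines are constructed in OpenSSH's auth.log format with documentation-range addresses; the hostname `web1`, the user `tony` and the function names are assumptions.

```python
import re
from collections import Counter

# Threshold taken from the thread: block an IP after 5 failed logins.
MAX_FAILURES = 5

# OpenSSH "Failed password" line, with or without "invalid user".
# The user field is remote-supplied text, so the source address is
# anchored to the end of the line instead of the first " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def failed_logins(lines):
    """Return (failures per IP, failures against root per IP)."""
    total, root = Counter(), Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        total[m["ip"]] += 1
        if m["user"] == "root":
            root[m["ip"]] += 1
    return total, root

def ips_to_block(lines, max_failures=MAX_FAILURES):
    """IPs that reached the failure threshold, sorted for stable output."""
    total, _ = failed_logins(lines)
    return sorted(ip for ip, n in total.items() if n >= max_failures)

# Constructed sample log; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    f"Mar  3 04:12:{i:02d} web1 sshd[2101]: Failed password for root "
    f"from 203.0.113.7 port {40000 + i} ssh2" for i in range(6)
] + [
    "Mar  3 04:15:02 web1 sshd[2140]: Failed password for invalid user "
    "admin from 198.51.100.23 port 51822 ssh2",
    "Mar  3 04:15:09 web1 sshd[2141]: Failed password for root "
    "from 198.51.100.23 port 51830 ssh2",
    "Mar  3 08:30:11 web1 sshd[2290]: Accepted publickey for tony "
    "from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    total, root = failed_logins(SAMPLE_LOG)
    for ip, n in total.most_common():
        print(f"{ip}: {n} failed, {root[ip]} against root")
    print("block:", ips_to_block(SAMPLE_LOG))
```
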
 