
Hacking attempts on server

tonygeor

Senior member
Dec 27, 2009
259
0
0
www.blamza.com
This is for members who have web hosting accounts. My server informs me whenever there's been an attempt to access root. I get about 8 emails a day of random IPs (mostly in China) trying to gain access. Is this typical?
 

Iron Woode

Elite Member
Super Moderator
Oct 10, 1999
31,298
12,818
136
The proper place to post this would be in the Security forum. You will get better responses than OT.
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
I'm surprised it's that low.

Things you can do to lower your risk

1) Change SSH ports
2) Disable ROOT logins via SSH
3) Require public/private keys + passphrase for login
4) Install fail2ban
5) Use port knocking
 

Lean L

Diamond Member
Apr 30, 2009
3,685
0
0
Lol that's very typical. When I ran FTP on my server I had thousands of hack attempts. Most were brute force things with default passwords and user names. I ended up setting up autobans when there were more than 5 attempts from the same IP and I still had hundreds of new IPs lol... All this was just for a private server hosted from a residential line lol. Now I just use Apache with no online config options for anything and no dynamic scripting lol. Do everything over VPN for security.
 

tonygeor

Senior member
Dec 27, 2009
259
0
0
www.blamza.com
Right now the firewall seems to be doing a decent job from what I can tell. Once the IP tries to log in 5 times it is permanently blocked. Also if anyone ever gains root I get an email. I just think it's pretty messed up that there's all these groups scouring the internet just to find an open door.
 

rudeguy

Lifer
Dec 27, 2001
47,351
14
61
hi tony!

First post a year after registering? You have some mighty fine restraint.

Pics of your sister?
 

Lean L

Diamond Member
Apr 30, 2009
3,685
0
0
Right now the firewall seems to be doing a decent job from what I can tell. Once the IP tries to log in 5 times it is permanently blocked. Also if anyone ever gains root I get an email. I just think it's pretty messed up that there's all these groups scouring the internet just to find an open door.

Set up VPN if you can. Take the server out of the DMZ and only forward the ports you need to access http/https/whatever the fuck else. Open SSH is a disaster imvao.
 

manlymatt83

Lifer
Oct 14, 2005
10,051
44
91
I'm surprised it's that low.

Things you can do to lower your risk

1) Change SSH ports
2) Disable ROOT logins via SSH
3) Require public/private keys + passphrase for login
4) Install fail2ban
5) Use port knocking

I wouldn't do #1. Security by obscurity is a bad habit to get into, in my opinion.

#2 sounds good.... /etc/ssh/sshd_config, PermitRootLogin no

#3 works well, but it could get annoying for you, especially if you log in from different machines a lot.

#4 is the best choice, in my opinion. There's an easier way to do it with iptables (Linux) or pf (FreeBSD) that makes fail2ban not needed... I can post the one line ruleset if you'd like.

#5 is good, too.
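
The ban-after-5-attempts rule discussed in this thread, as an added example that is not from any poster and is not fail2ban's own code: it scans OpenSSH "Failed password" log lines and reports each IP that reaches the limit inside a time window. The log lines, hostname, user names and IPs are constructed; the parameter names `maxretry` and `findtime` are borrowed from fail2ban's jail options, and the 600-second window and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH syslog line for a failed password, for valid and invalid users alike.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)
ASSUMED_YEAR = 2024  # assumption: syslog timestamps carry no year


def find_offenders(lines, maxretry=5, findtime=600):
    """Return {ip: time of the failure that reached maxretry within findtime seconds}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated log lines are not failures
        stamp, _user, ip = m.groups()
        if ip in banned:
            continue  # already blocked; the firewall would drop these packets
        when = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:  # forget failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned[ip] = when
    return banned


# Constructed sample log: one fast guesser, one slow guesser, one legitimate user.
LINE = "Jan 10 {t} web1 sshd[1201]: {msg} from {ip} port 40111 ssh2"
SAMPLE = (
    [LINE.format(t=f"03:14:{s:02d}", msg="Failed password for root", ip="203.0.113.7")
     for s in (1, 3, 6, 8, 11, 13)]
    + [LINE.format(t=f"{h:02d}:00:00", msg="Failed password for invalid user admin",
                   ip="198.51.100.23") for h in (4, 5, 6, 7, 8)]
    + [LINE.format(t="09:30:00", msg="Accepted publickey for tony", ip="192.0.2.50"),
       LINE.format(t="09:31:00", msg="Failed password for tony", ip="192.0.2.50")]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"ban {ip} (limit reached at {when:%H:%M:%S})")
```

The slow guesser at one attempt per hour never trips the 600-second window, which is why a short window alone does not stop patient brute forcing, and why disabling password logins (#3) still matters.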
 

tonygeor

Senior member
Dec 27, 2009
259
0
0
www.blamza.com
I joined in 2007, signed up for 4 years...deployed in 2009 as a Military Intelligence Analyst (same job as that Manning dumbass). Came back after a year and now I'll be getting out in 2 months...w00t!
 

tonygeor

Senior member
Dec 27, 2009
259
0
0
www.blamza.com
#4 is the best choice, in my opinion. There's an easier way to do it with iptables (Linux) or pf (FreeBSD) that makes fail2ban not needed... I can post the one line ruleset if you'd like.

Lay it on me, though I think the firewall has been doing a good job. It's always good to learn something new :)