
Hacking attempts on server

We used to have brute attempts against our ftp server all the time. Former admin did not use any lockout method.

It's part of the datacenter environment. You get a block of IPs known to have machines that might be run by inept admins, it's gonna happen.

That said I was proactive and took basic measures (blocking first the /32 then /29's and in one case all of a /24) (that is route to null). It took a while but eventually most of the serious attacks died down.
 
This is what I use:

-A RH-Firewall-1-INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
-A RH-Firewall-1-INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Add that to /etc/sysconfig/iptables and restart iptables...

Paste your current ruleset if you want us to make sure it won't affect any other rules.
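
The three rules above, modelled as an added example (not part of the original post): a small Python simulation of how `-m recent` judges NEW connections to port 22, showing that the fourth attempt inside 60 seconds is dropped and that `--update` keeps a steady retrier blocked where `--rcheck` (shown only for comparison) would let it back in. The addresses and timings are constructed, and the timestamp bookkeeping is a simplification of the kernel module.

```python
# Model of the posted ruleset for NEW connections to tcp/22 (added example).
from collections import defaultdict

SECONDS = 60    # --seconds 60
HITCOUNT = 4    # --hitcount 4


class RecentList:
    """Per-source timestamp list as kept by `-m recent` (simplified: the
    kernel stores a bounded number of stamps per address, this keeps all)."""

    def __init__(self, update=True):
        self.stamps = defaultdict(list)
        self.update = update  # True models --update, False models --rcheck

    def new_connection(self, src, now):
        """Return 'DROP' or 'ACCEPT' for one NEW connection attempt."""
        seen = self.stamps[src]
        seen.append(now)                  # rule 1: --set always records
        hits = sum(1 for t in seen if now - t <= SECONDS)
        if hits >= HITCOUNT:              # rule 2 matches
            if self.update:
                seen.append(now)          # --update stamps again on a match
            return "DROP"
        return "ACCEPT"                   # rule 3


def replay(attempts, update=True):
    """attempts: (src, seconds) pairs sorted by time -> list of verdicts."""
    fw = RecentList(update)
    return [fw.new_connection(src, t) for src, t in attempts]


# Constructed sample traffic (documentation addresses, times in seconds).
BURST = [("203.0.113.7", t) for t in (0, 1, 2, 3, 4)]
# After the burst, the same source keeps retrying every 25 seconds.
PERSISTENT = BURST + [("203.0.113.7", t) for t in (29, 54, 79, 104)]
# An admin opening four sessions quickly, then one more after a pause.
ADMIN = [("198.51.100.20", t) for t in (0, 5, 10, 20, 130)]

if __name__ == "__main__":
    print("burst   ", replay(BURST))
    print("--update", replay(PERSISTENT, update=True))
    print("--rcheck", replay(PERSISTENT, update=False))
    print("admin   ", replay(ADMIN))
```

Because rule 1 records the packet before rule 2 counts it, only three new connections per minute get through, and a legitimate user opening a fourth session in that minute is dropped as well.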
 
Awesome, these are great tips. I've been learning pretty hardcore the last couple months.

Sometimes I feel like my CS degree only taught me to hate C++ and what a for loop is 😛
 
I wouldn't do #1. Security by obscurity is a bad habit to get into, in my opinion.

#2 sounds good.... /etc/ssh/sshd_config, PermitRootLogin no

#3 works well, but it could get annoying for you, especially if you log in from different machines a lot.

#4 is the best choice, in my opinion. There's an easier way to do it with iptables (Linux) or pf (FreeBSD) that makes fail2ban not needed... I can post the one line ruleset if you'd like.

#5 is good, too.

Uhh... sure it's obscurity but it's not the only line of defense. Anything helps when you have a public facing box. Changing the port will stop 99% of the script kiddies, everything else will keep everyone else away.

If you have a hard time managing your keypairs you shouldn't be managing a server.
 