  1. #26
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Changing the port, disable password authentication, use a Login Failure Daemon to detect and block those trying to brute force the server.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.
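
A way to check that the first two measures from the post above are really in effect, as an added example that is not part of the thread: it resolves the global section of an `sshd_config` the way sshd does (first value for a keyword wins) and reports what is still open. The sample configs are constructed; `Include` files and `Match` blocks are not followed.

```python
import re

# Added example. Upstream OpenSSH defaults, used when a keyword is absent.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Older releases use this name for the keyboard-interactive switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Resolve the global section the way sshd does: first value wins."""
    ports, seen = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break                      # conditional blocks are not evaluated
        if key == "port":
            ports.append(value)        # Port may repeat; sshd listens on all
        else:
            seen.setdefault(key, value.lower())
    return {**DEFAULTS, **seen, "port": ports or ["22"]}

def audit(config_text):
    s, findings = effective_settings(config_text), []
    if "22" in s["port"]:
        findings.append("listening on default port 22")
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive can still ask for a password")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: no key login available")
    return findings

# Constructed sample configs.
WEAK = "#Port 22\nPasswordAuthentication yes\n"
HARDENED = ("Port 2222\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")
# A "no" appended after an earlier "yes" has no effect.
SHADOWED = ("Port 2222\nPasswordAuthentication yes\n"
            "ChallengeResponseAuthentication no\nPasswordAuthentication no\n")

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), audit(SHADOWED))
```

On a live server, `sshd -T` prints the configuration sshd actually resolved, including included files.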

  2. #27
    Join Date
    Apr 2010
    Posts
    26
    Quote Originally Posted by MikeDVB View Post
    Changing the port, disable password authentication, use a Login Failure Daemon to detect and block those trying to brute force the server.

    The important thing to remember is once an attacker is in via SSH, there is really no going back. If you have a user connect as a superuser, root, etc, most of the time they do something very harmful to the system such as backdoor the ssh daemon, launch attacks. It's very important to protect your ssh to the fullest extent as it's one of your barricades.

  3. #28
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by xor_ View Post
    The important thing to remember is once an attacker is in via SSH, there is really no going back. If you have a user connect as a superuser, root, etc, most of the time they do something very harmful to the system such as backdoor the ssh daemon, launch attacks. It's very important to protect your ssh to the fullest extent as it's one of your barricades.
    That's a given - but aside from unplugging all networking or disabling SSH altogether (say, via KVM) there's only so much you can do.

    Only allowing SSH from specific IPs is another aspect that will help if you don't have a dynamic IP. Some firewalls do support dynamic DNS where you can enter in your DynDNS and always be allowed through the firewall as well.

  4. #29
    Join Date
    Mar 2010
    Posts
    999
    Even I am facing such attacks these days. I mean I never opened an account with email address in PayPal and some days later PayPal sent me an email that my account with email - "____" has been suspended.

    Once I was stunned but second thought came into my mind where I thought that I never opened an account with this email so how come it's suspended.

    They also said that it was due to the fact that you have tried too many times with wrong password and this is why it is suspended...

    I then tried iptables method to prevent it..

  5. #30
    Join Date
    Mar 2009
    Posts
    654
    I've found that changing the port SSH listens on gets rid of 100% of attacks. CSF blocks any port scanning, so somebody will have to make a lucky guess to even start attempting to hack SSH, and even then CSF will ban their IP when they fail to use a correct username/password within 5 attempts.
    [GB ≠ GiB] [MB ≠ MiB] [kB ≠ kiB] [1000 ≠ 1024] [Giga ≠ gram] [Mega ≠ milli] [Kelvin ≠ kilo] [Byte ≠ bit]
    There is no millibit. There is no gram-bit. There is no Kelvin-Byte.
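
The lockout behaviour described in the post above (ban an IP after 5 failed logins), as an added example that is neither part of the thread nor CSF's own code: it counts sshd "Failed password" lines per source address and reports when an address crosses the threshold. The 5-minute window, the syslog line format, the year and the log lines themselves are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: classic syslog lines written by OpenSSH's sshd.
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")


def ips_to_block(lines, threshold=5, window=timedelta(minutes=5), year=2010):
    """Return {ip: time at which it reached `threshold` failures in `window`}."""
    recent = defaultdict(deque)           # ip -> timestamps of recent failures
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                      # successful logins, other daemons
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in blocked:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:         # forget failures outside the window
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = ts
    return blocked


# Constructed sample: six rapid failures from one address, then a real user
# who mistypes a password twice before logging in.
SAMPLE = [
    f"Apr 24 04:55:{s:02d} host1 sshd[4242]: Failed password for invalid user "
    f"admin from 203.0.113.7 port 40000 ssh2" for s in range(0, 12, 2)
] + [
    "Apr 24 05:10:01 host1 sshd[4300]: Failed password for alice from 198.51.100.23 port 50022 ssh2",
    "Apr 24 05:10:09 host1 sshd[4300]: Failed password for alice from 198.51.100.23 port 50022 ssh2",
    "Apr 24 05:10:15 host1 sshd[4300]: Accepted password for alice from 198.51.100.23 port 50022 ssh2",
]

if __name__ == "__main__":
    for ip, when in ips_to_block(SAMPLE).items():
        print(f"block {ip} (threshold reached {when:%H:%M:%S})")
```

The count is keyed on the source address only, so it works the same whichever port sshd listens on.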

  6. #31
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by petteyg359 View Post
    I've found that changing the port SSH listens on gets rid of 100% of attacks. CSF blocks any port scanning, so somebody will have to make a lucky guess to even start attempting to hack SSH, and even then CSF will ban their IP when they fail to use a correct username/password within 5 attempts.
    Unfortunately this won't stop them if they get your user/pass/port by other means. This is where only allowing certain IPs and disabling password authentication would really help.

  7. #32
    Join Date
    Mar 2009
    Posts
    654
    Quote Originally Posted by MikeDVB View Post
    Unfortunately this won't stop them if they get your user/pass/port by other means. This is where only allowing certain IPs and disabling password authentication would really help.
    If they've managed to get my password (stored only in my brain) and port (stored only in my brain and ~/.ssh/config), then they've already got a keylogger or worse on my local system, and they can just tunnel straight through to the server from my own IP. Excessive paranoia (and useless) to only allow certain IPs.
    Last edited by petteyg359; 04-24-2010 at 04:55 AM.

  8. #33
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by petteyg359 View Post
    If they've managed to get my password (stored only in my brain) and port (stored only in my brain and ~/.ssh/config), then they've already got a keylogger or worse on my local system, and they can just tunnel straight through to the server from my own IP. Excessive paranoia (and useless) to only allow certain IPs.
    Any security measures could be seen as pointless depending on your level of paranoia.

    You may keep that mindset until the day it does actually happen to you and a server gets wiped. I'm pretty sure just about everybody who has had a server wiped or compromised believed that their password, server, and methods were secure up until it was demonstrated that they weren't.

    To each their own, I'm not saying you're right or wrong but just that we may have a difference in opinions.

  9. #34
    Quote Originally Posted by MikeDVB View Post
    Any security measures could be seen as pointless depending on your level of paranoia.

    You may keep that mindset until the day it does actually happen to you and a server gets wiped. I'm pretty sure just about everybody who has had a server wiped or compromised believed that their password, server, and methods were secure up until it was demonstrated that they weren't.

    To each their own, I'm not saying you're right or wrong but just that we may have a difference in opinions.
    I cannot agree more with you, Mike. For me, so far so good, touch wood.

  10. #35
    Thanks for the information .. I know this will come in handy..
    Mrgeekchris.com ~ It's not just a job It's a passion
    "Mistakes are proof that you are trying"

  11. #36
    Join Date
    Jan 2010
    Location
    SL
    Posts
    163
    I don't think allowing specific IPs to access SSH is a good idea. A lot of webmasters are there who use dynamic IPs to connect to the internet, so how would they be able to use SSH?

    Instead it's better to change their ListenAddress to some other IP than your main shared IP, and changing the port is a very effective way.

  12. #37
    Nice helpful post. Surely it would be found helpful by others.
    SUPPORT FACILITY | 24/7 TECH SUPPORT
    SERVER MANAGEMENT | WEB HOSTING SUPPORT | WP EXPERTS

  13. #38
    Join Date
    Aug 2008
    Location
    Around the Servers!
    Posts
    34
    Great one... Really useful
