Thread: Methods to block SSH attacks
-
04-24-2010, 03:03 AM #26 Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
Change the port, disable password authentication, and use a Login Failure Daemon to detect and block those trying to brute force the server.
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
04-24-2010, 03:08 AM #27 Temporarily Suspended
- Join Date
- Apr 2010
- Posts
- 26
The important thing to remember is once an attacker is in via SSH, there is really no going back. If you have a user connect as a superuser, root, etc., most of the time they do something very harmful to the system such as backdoor the SSH daemon or launch attacks. It's very important to protect your SSH to the fullest extent as it's one of your barricades.
-
04-24-2010, 03:13 AM #28 Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
That's a given - but aside from unplugging all networking or disabling SSH altogether (say, via KVM) there's only so much you can do.
Only allowing SSH from specific IPs is another aspect that will help if you don't have a dynamic IP. Some firewalls do support dynamic DNS where you can enter in your DynDNS and always be allowed through the firewall as well.
-
04-24-2010, 03:37 AM #29 Web Hosting Master
- Join Date
- Mar 2010
- Posts
- 999
Even I am facing such attacks these days. I mean, I never opened an account with the email address in PayPal, and some days later PayPal sent me an email that my account with email "____" has been suspended.
At first I was stunned, but then a second thought came to my mind: I never opened an account with this email, so how come it's suspended?
They also said that it was due to the fact that you have tried too many times with the wrong password and this is why it is suspended...
I then tried the IPTables method to prevent it.
-
04-24-2010, 03:51 AM #30 Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 654
I've found that changing the port SSH listens on gets rid of 100% of attacks. CSF blocks any port scanning, so somebody will have to make a lucky guess to even start attempting to hack SSH, and even then CSF will ban their IP when they fail to use a correct username/password within 5 attempts.
[GB ≠ GiB] [MB ≠ MiB] [kB ≠ kiB] [1000 ≠ 1024] [Giga ≠ gram] [Mega ≠ milli] [Kelvin ≠ kilo] [Byte ≠ bit]
There is no millibit. There is no gram-bit. There is no Kelvin-Byte.
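The threshold ban described in the post above (an IP is banned after 5 failed logins) can be sketched as log-based detection. This is an added example, not part of the original thread and not CSF/LFD's own code; the function name, the 5-minute window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH logs: "Failed password for [invalid user] NAME from IP port N ssh2"
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_offenders(lines, threshold=5, window=timedelta(minutes=5), year=2010):
    """Map each IP to the time it reached `threshold` failed logins within
    one sliding `window`. Syslog omits the year, so the caller supplies it."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated messages are ignored
        stamp, ip = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in offenders:
            offenders[ip] = when
    return offenders

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Apr 24 03:00:00 web1 sshd[2100]: Failed password for invalid user admin from 192.0.2.44 port 50110 ssh2
Apr 24 03:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Apr 24 03:00:03 web1 sshd[2102]: Failed password for root from 203.0.113.5 port 40002 ssh2
Apr 24 03:00:05 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40003 ssh2
Apr 24 03:00:07 web1 sshd[2104]: Failed password for root from 203.0.113.5 port 40004 ssh2
Apr 24 03:00:09 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 40005 ssh2
Apr 24 03:01:10 web1 sshd[2110]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Apr 24 03:01:20 web1 sshd[2111]: Accepted password for alice from 198.51.100.7 port 41001 ssh2
Apr 24 03:02:00 web1 sshd[2120]: Failed password for invalid user admin from 192.0.2.44 port 50111 ssh2
Apr 24 03:04:00 web1 sshd[2121]: Failed password for invalid user admin from 192.0.2.44 port 50112 ssh2
Apr 24 03:06:00 web1 sshd[2122]: Failed password for invalid user admin from 192.0.2.44 port 50113 ssh2
Apr 24 03:08:00 web1 sshd[2123]: Failed password for invalid user admin from 192.0.2.44 port 50114 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {ip}: threshold reached at {when:%H:%M:%S}")
```

The slow source 192.0.2.44 also makes five failed attempts but never has five inside one window, which shows how a time-windowed threshold can be paced around and why it is paired here with the other measures in the thread.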
-
04-24-2010, 04:22 AM #31 Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
-
04-24-2010, 04:51 AM #32 Web Hosting Master
- Join Date
- Mar 2009
- Posts
- 654
If they've managed to get my password (stored only in my brain) and port (stored only in my brain and ~/.ssh/config), then they've already got a keylogger or worse on my local system, and they can just tunnel straight through to the server from my own IP. Excessive paranoia (and useless) to only allow certain IPs.
Last edited by petteyg359; 04-24-2010 at 04:55 AM.
-
04-24-2010, 05:33 AM #33 Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
Any security measures could be seen as pointless depending on your level of paranoia.
You may keep that mindset until the day it does actually happen to you and a server gets wiped. I'm pretty sure just about everybody who has had a server wiped or compromised believed that their password, server, and methods were secure up until it was demonstrated that they weren't.
To each their own, I'm not saying you're right or wrong but just that we may have a difference in opinions.
-
04-24-2010, 05:51 AM #34 Newbie
- Join Date
- Apr 2010
- Posts
- 19
-
04-27-2010, 06:58 AM #35 Mr Awesome
- Join Date
- Mar 2005
- Location
- USA
- Posts
- 895
Thanks for the information. I know this will come in handy.
-
04-30-2010, 06:25 AM #36 WHT Addict
- Join Date
- Jan 2010
- Location
- SL
- Posts
- 163
I don't think allowing specific IPs to access SSH is a good idea. There are a lot of webmasters who use dynamic IPs to connect to the internet; how would they be able to use SSH?
Instead, it's better to change their ListenAddress to some other IP than your main shared IP, and changing the port is a very effective way.
-
04-30-2010, 06:45 AM #37 Support Facility
- Join Date
- Jun 2009
- Posts
- 2,335
Nice helpful post. Surely it will be found helpful by others.
-
06-27-2010, 12:56 PM #38 Junior Guru Wannabe
- Join Date
- Aug 2008
- Location
- Around the Servers!
- Posts
- 34
Great one... Really useful