  1. #1
    Join Date
    Sep 2006
    Location
    joisey
    Posts
    29

    Question iptables or host.deny for VPS & fail2ban?

    Hello, I recently got myself into an unmanaged VPS package and I noticed in my log files, countless attempts to ssh into the system. After a bit of searching, fail2ban looked like a good way to ban the brute force attacks automatically.

    My question is what should I configure it with? There's the option for iptables or host.deny. I've read that iptables is not fully supported under Virtuozzo, but the stuff I've read is a bit dated. Are there still some issues with iptables under Virtuozzo?

    What I'm using now:
    *Virtuozzo 3 -not sure on exact version. Whatever SolarVPS is using.
    *Signed up with centos4
    *uname -r = 2.6.9-022stab078.14-enterprise

    Thanks!
    -joon [www:dvessel:com]

  2. #2
    Join Date
    Sep 2006
    Location
    joisey
    Posts
    29
    Wow! Not sure how I posted here. Meant to be one level down.
    -joon [www:dvessel:com]

  3. #3
    Join Date
    Sep 2006
    Location
    joisey
    Posts
    29
    I'm really feeling like a fool. ~heh

    It looks like iptables works just fine. Being new to this I was afraid of screwing things up but I tried it and it's working beautifully.

    Please, move or delete the thread.
    -joon [www:dvessel:com]

  4. #4
    Join Date
    Feb 2003
    Location
    North Hollywood, CA
    Posts
    2,554
    In the deny I have
    sshd: ALL

    and in the allow
    sshd: 66.229.152. # jeremy

    Works good for me
    Remote Hands and Your Local Tech for the Los Angeles area.

    (310) 573-8050 - LinkedIn

  5. #5

    DenyHosts

    I know this thread is extremely old, but still it could be helpful to someone else getting brute force attacks over SSH.

    A good piece of software to use would be DenyHosts. It is software that will parse your log files for failed SSH login attempts. If an IP address tries too many invalid passwords, DenyHosts will add the IP to /etc/hosts.deny, or whatever file you specify, depending on your OS.

    Might be worth looking at, it's pretty reliable. Just Google "DenyHosts", I would post a link but have to make a few more posts first.
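
The log-parsing approach described in the post above, as an added example that is not part of the original thread and is not DenyHosts' own code: it counts failed SSH password attempts per source IP and emits hosts.deny entries. The sample log lines, threshold, allowlist parameter and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format; IPs are documentation ranges.
SAMPLE_LOG = """\
Sep 12 03:14:01 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 12 03:14:03 vps sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Sep 12 03:14:06 vps sshd[2105]: Failed password for root from 203.0.113.7 port 40120 ssh2
Sep 12 03:15:10 vps sshd[2110]: Failed password for joon from 198.51.100.23 port 51500 ssh2
Sep 12 03:15:20 vps sshd[2112]: Accepted password for joon from 198.51.100.23 port 51502 ssh2
Sep 12 03:16:00 vps sshd[2120]: Failed password for invalid user test from 192.0.2.44 port 33000 ssh2
Sep 12 03:16:02 vps sshd[2121]: Failed password for invalid user test from 10.9.9.9 from 192.0.2.44 port 33001 ssh2
"""

# Anchor on the END of the line: the username is remote-controlled text, so a
# name like "test from 10.9.9.9" must not be mistaken for the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def count_failures(log_text):
    """Return a Counter of failed-password attempts per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(1))  # reject things like 999.1.1.1
        except ValueError:
            continue
        hits[m.group(1)] += 1
    return hits

def hosts_deny_lines(log_text, threshold=3, allow=()):
    """Build hosts.deny entries for IPs at or over the threshold,
    never listing an address inside an allowlisted network."""
    nets = [ipaddress.ip_network(n) for n in allow]
    out = []
    for ip, n in sorted(count_failures(log_text).items()):
        addr = ipaddress.ip_address(ip)
        if n >= threshold and not any(addr in net for net in nets):
            out.append(f"sshd: {ip}")
    return out

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE_LOG, threshold=2)))
```

The allowlist check keeps your own address out of hosts.deny even if you mistype a password a few times.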

  6. #6
    Personally, what we do is move ssh to a different port if firewalling is not practical, which it sometimes isn't. That way you will not get targeted by all of the mass scans. If you do get any, it will be from a determined attacker and you can be sure you are being targeted by someone, which is useful information, and you can block their entire IP range on all of your servers.

  7. #7
    Join Date
    Mar 2005
    Location
    Hattiesburg, MS
    Posts
    159
    I agree with Jamesapnic. Change the SSH port. This (while not being 100% bulletproof effective) does help.
    InsanelyMacintosh - Macintosh Software Repository Listings

  8. #8
    Seems to be a good option posted here, but if you really want to protect your server more, then disable default root access. That is, in order to access the server, first access via a user and then log in as root from there.
