hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Web Hosting Talk Tutorials : Hosting Security and Technology Tutorials : iptables or host.deny for VPS & fail2ban?
Reply

Forum Jump

iptables or host.deny for VPS & fail2ban?

Reply Post New Thread In Hosting Security and Technology Tutorials Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 09-21-2006, 02:56 AM
dvessel dvessel is offline
Newbie
 
Join Date: Sep 2006
Location: joisey
Posts: 29
Question

iptables or host.deny for VPS & fail2ban?


Hello, I recently got myself into an unmanaged VPS package and I noticed in my log files, countless attempts to ssh into the system. After a bit of searching, fail2ban looked like a good way to ban the brute force attacks automatically.

My question is what should I configure it with? There's the option for iptables or host.deny. I've read that iptables are not fully supported under Virtuozzo but the stuff I've read are a bit dated. Are there still some issues with iptables under Virtuozzo?

What I'm using now:
*Virtuozzo 3 -not sure on exact version. Whatever SolarVPS is using.
*Signed up with centos4
*uname -r = 2.6.9-022stab078.14-enterprise

Thanks!

__________________
-joon [www:dvessel:com]



Sponsored Links
  #2  
Old 09-21-2006, 09:32 AM
dvessel dvessel is offline
Newbie
 
Join Date: Sep 2006
Location: joisey
Posts: 29
Wow! Not sure how I posted here. Meant to be one level down.

__________________
-joon [www:dvessel:com]

  #3  
Old 09-21-2006, 01:47 PM
dvessel dvessel is offline
Newbie
 
Join Date: Sep 2006
Location: joisey
Posts: 29
I'm really feeling like a fool. ~heh

It looks like iptables works just fine. Being new to this I was afraid of screwing things up but I tried it and it's working beautifully.

Please, move or delete the thread.

__________________
-joon [www:dvessel:com]

Sponsored Links
  #4  
Old 09-22-2006, 04:14 AM
Jeremy Jeremy is offline
Local tech for Los Angeles
 
Join Date: Feb 2003
Location: North Hollywood, CA
Posts: 2,539
in the deny i have
sshd: ALL

and in the allow
sshd: 66.229.152. # jeremy

Works good for me

__________________
Remote Hands and Your Local Tech for the Los Angeles area.

(310) 573-8050 - LinkedIn


  #5  
Old 03-03-2008, 01:41 AM
YICHosting YICHosting is offline
New Member
 
Join Date: Mar 2008
Posts: 1
DenyHosts

I know this thread is extremely old, but still it could be helpful to someone else getting brute force attacks over SSH.

A good piece of software to use would be DenyHosts. It is software that will parse your log files for failed SSH login attempts. If an IP address tries gets too many invalid passwords, DenyHosts will add the IP to /etc/hosts.deny, or whatever file you specify, depending on your OS.

Might be worth looking at, it's pretty reliable. Just Google "DenyHosts", I would post a link but have to make a few more posts first.

  #6  
Old 07-06-2008, 02:30 PM
jamesapnic jamesapnic is offline
Junior Guru Wannabe
 
Join Date: Jul 2008
Posts: 63
Personally, what we do is move ssh to a different port if firewalling is not practical which it sometimes isn't. That way you will not get targeted by all of the mass scans. If you do get any it will be from a determined attacker and you can be sure you are being targeted by someone, which is useful information and you can block their entire IP range on all of your servers.

  #7  
Old 07-09-2008, 03:06 AM
insanelymacintosh insanelymacintosh is offline
WHT Addict
 
Join Date: Mar 2005
Location: Hattiesburg, MS
Posts: 159
I agree with Jamesapnic. Change the SSH port. This (while not being 100% bulletproof effective) does help.

__________________
InsanelyMacintosh - Macintosh Software Repository Listings

  #8  
Old 08-25-2008, 01:51 AM
abhishek11683 abhishek11683 is offline
New Member
 
Join Date: Aug 2008
Posts: 2
Seems to be a good option posted here but if you really want to protect your server more then disable default root access. That is in order to access the server then first access via a user and then login as root from there.

Reply

Related posts from TheWhir.com
Title Type Date Posted
NSA Denies Allegations that it Infected Millions of PCs with Malware Web Hosting News 2014-03-14 11:45:53
Host Alive Listing 2014-04-16 06:32:14
Five Rules for Moving to the Cloud Blog 2013-07-24 09:27:00
The Host Group Launches Real-Time Data backup Services in North America Web Hosting News 2013-05-08 15:37:57
ViaWest Scores Tier IV Data Center Certification for New Las Vegas Data Center Web Hosting News 2012-11-14 11:53:47


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?