Computer Forums

Computer Forums (http://www.geekboards.com/forums/index.php)
-   Building Websites (http://www.geekboards.com/forums/forumdisplay.php?f=3)
-   -   Preventing SSH Dictionary Attacks With DenyHosts (http://www.geekboards.com/forums/showthread.php?t=646)

Emma 03-01-2006 06:53 PM
Preventing SSH Dictionary Attacks With DenyHosts
 
Preventing SSH Dictionary Attacks With DenyHosts

"DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks.

If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

DenyHosts attempts to address the above... "

I found this tutorial very helpful and I thought I would share it with you guys, so you can learn how to protect your servers better. Of course, most of you are probably old hands at this, but still it is good to start with the basics.

Jason 03-01-2006 08:29 PM
Thank you for sharing with the community!

James72 03-07-2006 06:29 PM
How well does this prevent attacks?
I will assume it is not bullet proof.

Is there anything else we can do to take steps to try and stop dictionary attacks?
________
e cigarette

Soulwatcher 03-07-2006 08:43 PM
Quote:
Originally Posted by James72
How well does this prevent attacks?
I will assume it is not bullet proof.

Is there anything else we can do to take steps to try and stop dictionary attacks?
You could install APF and BFD, and after so many attempts. It blocks the IP right at the firewall. For more information have a look at http://www.rfxnetworks.com/apf.php . Their website seems to be down at the moment. But It should be back up anytime.

Rogue 03-08-2006 11:45 AM
Thank you VERY much for sharing this with me! I'm a beginner in the whole Linux server industry, and this is some great information.

Also - SoulWatcher - thanks very much for the link you have also provided.

Julian 03-12-2006 03:42 AM
I'll have to forward this to my friend, for his web hosting company. I am pretty sure he has this already though.

Heroin 04-20-2006 07:10 PM
i just closed port 22 on my router so only internal machines can SSH eachother

LucnetSolutions 04-21-2006 11:24 AM
One thing we do to add some more security for SSH is we don't use the shared IP as the listen IP for SSH and we don't use the standard port 22. SSH is disabled by default and can be turned on for 24 hours max at a time.

Then we also have it set where a email is sent with IP and ISP information of the person that just logged in.

rmwebs 05-03-2006 02:56 AM
Quote:
Originally Posted by LucnetSolutions
One thing we do to add some more security for SSH is we don't use the shared IP as the listen IP for SSH and we don't use the standard port 22. SSH is disabled by default and can be turned on for 24 hours max at a time.

Then we also have it set where a email is sent with IP and ISP information of the person that just logged in.
Good idea IMHO.


All times are GMT -5. The time now is 11:04 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
HTML Help provided by HTML Help Central.