Computer Geeks

Emma · #1 03-01-2006, 06:53 PM

Preventing SSH Dictionary Attacks With DenyHosts

"DenyHosts is a script intended to be run by Linux system administrators to help thwart ssh server attacks.

If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

DenyHosts attempts to address the above... "

I found this tutorial very helpful and I thought I would share it with you guys, so you can learn how to protect your servers better. Of course, most of you are probably old hands at this, but still it is good to start with the basics.

Jason · #2 03-01-2006, 08:29 PM

Thank you for sharing with the community!

James72 · #3 03-07-2006, 06:29 PM

How well does this prevent attacks?
I will assume it is not bullet proof.

Is there anything else we can do to take steps to try and stop dictionary attacks?
________
e cigarette

Soulwatcher · #4 03-07-2006, 08:43 PM

Quote:

Originally Posted by James72

How well does this prevent attacks?
I will assume it is not bullet proof.

Is there anything else we can do to take steps to try and stop dictionary attacks?

You could install APF and BFD, and after so many attempts. It blocks the IP right at the firewall. For more information have a look at http://www.rfxnetworks.com/apf.php . Their website seems to be down at the moment. But It should be back up anytime.

Rogue · #5 03-08-2006, 11:45 AM

Thank you VERY much for sharing this with me! I'm a beginner in the whole Linux server industry, and this is some great information.

Also - SoulWatcher - thanks very much for the link you have also provided.

Julian · #6 03-12-2006, 03:42 AM

I'll have to forward this to my friend, for his web hosting company. I am pretty sure he has this already though.

Heroin · #7 04-20-2006, 07:10 PM

i just closed port 22 on my router so only internal machines can SSH eachother

LucnetSolutions · #8 04-21-2006, 11:24 AM

One thing we do to add some more security for SSH is we don't use the shared IP as the listen IP for SSH and we don't use the standard port 22. SSH is disabled by default and can be turned on for 24 hours max at a time.

Then we also have it set where a email is sent with IP and ISP information of the person that just logged in.

rmwebs · #9 05-03-2006, 02:56 AM

Quote:

Originally Posted by LucnetSolutions

One thing we do to add some more security for SSH is we don't use the shared IP as the listen IP for SSH and we don't use the standard port 22. SSH is disabled by default and can be turned on for 24 hours max at a time.

Then we also have it set where a email is sent with IP and ISP information of the person that just logged in.

Good idea IMHO.

Computer Geeks

Geek Shop

Geek News

Geek Stuff

Science Geek

Computer Gaming

Linux Chat

Building Websites

Computer Forums

Computer Help Forum

Computer Hardware Forum

Computer Software Programs