23 Jan, 2009 in Special by admin

How to Block SSH brute force attempts on Ubuntu

It never takes long for the script kiddies to start once you open up ssh to the internet. Look in your /var/log/auth.log and I'll bet you find a pile of brute-force attempts against ssh:

Failed password for invalid user  from 61.19.237.163 port 50739 ssh2
Failed password for invalid user test from 61.19.237.163 port 50950 ssh2
Failed password for invalid user user from 61.19.237.163 port 51105 ssh2
Failed password for invalid user administrator from 61.19.237.163 port 51254 ssh2

This is a "1337 h4X0r" (read: kiddie) running a dictionary against your ssh. If you have chosen strong passwords you are a bit safer, but there are better ways.

Use keys instead of passwords

Have a look at the passwordless ssh howto here. Once every user has a key on the box, sshd can stop accepting passwords at all, and a dictionary attack has nothing left to guess. If you don't want to switch off passwords, there is another way to block brute force:
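The "switch off passwords" step, as an added example (not from the post or the howto it links to): a small POSIX shell script that rewrites an OpenSSH sshd_config so keys are on and passwords are off. The helper names are ours, and it assumes a plain sshd_config with no Match blocks (a directive inside a Match block would be rewritten too).

```shell
#!/bin/sh
# Added example, not from the post or the linked howto: flip sshd from
# passwords to keys in an OpenSSH sshd_config. Helper names are ours.
# Assumes a plain sshd_config with no Match blocks.

# set_directive FILE KEY VALUE
# sshd uses the first occurrence of a directive, and the stock file ships
# most of them commented out ("#PasswordAuthentication yes"), so replace
# every live or commented copy with one definite line, or append it.
set_directive() {
    file=$1 key=$2 value=$3
    tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$value" '
        { line = $0; sub(/^[ \t]*#?[ \t]*/, "", line); split(line, f, /[ \t]+/) }
        f[1] == k { if (!done) { print k, v; done = 1 }; next }
        { print }
        END { if (!done) print k, v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# harden_sshd_config FILE
# Keys on, passwords off. ChallengeResponseAuthentication has to go too, or
# PAM will happily turn keyboard-interactive into a password prompt.
harden_sshd_config() {
    set_directive "$1" PubkeyAuthentication yes
    set_directive "$1" PasswordAuthentication no
    set_directive "$1" ChallengeResponseAuthentication no
    # newer OpenSSH spells this value prohibit-password
    set_directive "$1" PermitRootLogin without-password
}

# effective_value FILE KEY -> the value sshd would actually use (first match wins)
effective_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}
```

Order matters: generate a key on the client (ssh-keygen), copy it over (ssh-copy-id), log in with the key in a second session, then run harden_sshd_config against /etc/ssh/sshd_config, syntax-check with sshd -t and restart ssh while that first session stays open, so a typo cannot lock you out.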

DenyHosts

DenyHosts is a script that watches the ssh log and blocks brute forcers. I really like this approach because it blocks the offending IP rather than just the login: once someone fails ssh, they can't try anything else from that address (anything that honours hosts.deny, that is) for a set number of days. That makes you inconvenient, and somewhere else much easier. It also logs the usernames attempted, so you could fold those into your own dictionary should you be so inclined...
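What such a script actually does, as an added example (not DenyHosts' own code): a shell/awk script that counts "Failed password" lines per source address in an auth.log and prints hosts.deny entries for anything over a threshold. The log excerpt inside it is constructed (made-up hostnames and times; the attacker lines mirror the ones quoted above), and the function names are ours.

```shell
#!/bin/sh
# Added example, not DenyHosts' own code: the core of a log-driven blocker.
# Counts "Failed password" lines per source IP in an auth.log and prints
# hosts.deny entries for anything at or over a threshold.

# offenders LOGFILE THRESHOLD
# Prints "ip count", busiest first, for every source with >= THRESHOLD failures.
# The address is found via the "from" token, so the line with an empty
# username seen in the post counts as well.
offenders() {
    awk -v t="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
        }
        END { for (ip in n) if (n[ip] >= t) printf "%s %d\n", ip, n[ip] }
    ' "$1" | sort -k2,2nr
}

# deny_lines LOGFILE THRESHOLD
# Same, as "ALL: ip" lines: every tcp-wrapped service, which matches the
# "lock them out completely" choice below. Print "sshd: " instead for ssh only.
deny_lines() {
    offenders "$1" "$2" | awk '{ print "ALL: " $1 }'
}

# sample_log -> a constructed auth.log excerpt (made-up host and times):
# the attacker lines from the post, plus one legitimate user who fat-fingers
# a password once and then logs in with a key.
sample_log() {
    cat <<'EOF'
Jan 23 10:01:02 box sshd[4412]: Failed password for invalid user test from 61.19.237.163 port 50950 ssh2
Jan 23 10:01:05 box sshd[4413]: Failed password for invalid user user from 61.19.237.163 port 51105 ssh2
Jan 23 10:01:08 box sshd[4414]: Failed password for invalid user administrator from 61.19.237.163 port 51254 ssh2
Jan 23 10:02:11 box sshd[4420]: Failed password for root from 61.19.237.163 port 51300 ssh2
Jan 23 10:05:00 box sshd[4431]: Failed password for alice from 192.0.2.10 port 40000 ssh2
Jan 23 10:05:09 box sshd[4432]: Accepted publickey for alice from 192.0.2.10 port 40001 ssh2
EOF
}

# Stand-alone run: "sh blocker.sh demo" shows who gets blocked at threshold 3.
if [ "${1:-}" = "demo" ]; then
    log=$(mktemp); sample_log > "$log"
    deny_lines "$log" 3
    rm -f "$log"
fi
```

The threshold is the whole game: at 1 the legitimate user with one typo gets blocked alongside the attacker, at 3 only the dictionary run does, which is why DenyHosts keeps separate DENY_THRESHOLD_* knobs for invalid, valid and root usernames. Two checks before trusting any of this: tcpdmatch sshd 61.19.237.163 tells you what tcp wrappers will actually do with the address once it is in hosts.deny, and ldd /usr/sbin/sshd | grep libwrap tells you whether your sshd consults hosts.deny at all; if it is not linked against libwrap, the file is ignored and you need a firewall rule instead.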

Download from http://denyhosts.sourceforge.net/index.html

tar zxvf DenyHosts-2.5.tar.gz   # change for whatever version you're using
cd DenyHosts-2.5
python setup.py install
cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg
vi denyhosts.cfg

In denyhosts.cfg, set the following (comment out the alternative SECURE_LOG and LOCK_FILE lines for other distros):

# On Ubuntu the ssh log is auth.log
SECURE_LOG = /var/log/auth.log
# Write to our own file rather than straight into hosts.deny, so hosts.deny
# can pull it in through tcp wrappers (see below)
HOSTS_DENY = /etc/hosts.blocked
# Empty means DenyHosts writes bare IPs with no service name, so the hosts.deny
# line below decides what is blocked. Not essential, but I prefer just locking
# the buggers out completely. Be careful with this on a box that runs other
# tcp-wrapped services: you don't want to block an entire internet cafe because
# of one visiting script kiddie.
BLOCK_SERVICE =
# Drop IPs from the list after 7 days; adjust to taste. Default is never.
PURGE_DENY = 7d
# Comment out the other LOCK_FILE lines
LOCK_FILE = /var/run/denyhosts.pid
# Shares offender lists with other DenyHosts users around the world, so a
# misbehaving IP is blocked before it ever tries you. Disabled by default.
# You are trusting other people's reports, so expect the odd false positive.
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

Edit the other settings to taste; the defaults should be fine for most setups, but you might want to lower the DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT values so fewer attempts earn a block.

touch /etc/hosts.blocked
vi /etc/hosts.deny

hosts.deny lines are daemon_list : client_list : options, and the first matching line wins, so the blocklist must come before the spawn line. ALL here matches the empty BLOCK_SERVICE above and locks a listed IP out of every tcp-wrapped service; use sshd: instead if you only want ssh blocked. The second line makes every ssh connection kick off a one-shot DenyHosts run (adjust python2.4 to the python you have) that scans auth.log, adds new offenders to hosts.blocked and purges expired ones, then allow lets the connection through:

ALL: /etc/hosts.blocked
sshd: ALL: spawn python2.4 /usr/bin/denyhosts.py --purge -c /usr/share/denyhosts/denyhosts.cfg: allow

Note that this only stops services that honour hosts.deny (sshd built with libwrap, anything run through tcpd); it is not a firewall rule.

Job done.


One Response

BrandonG777  |  May 22nd, 2009 at 9:52 pm

    Outdated.

    sudo apt-get install denyhosts

    * OPTIONAL *
    sudo vim /etc/denyhosts.conf
