[K12OSN] reporting and/or stopping cracking attempts on server
Carl Keil
carl at snarlnet.com
Thu Mar 17 17:27:25 UTC 2011
Hello folks,
For those of you that run servers exposed to the outside world, I just
wanted to send a ping out and see what others are doing about this. I'm
seeing an escalation in what I call "brute force" attacks on my server.
Like people trying to SSH in repeatedly from one IP with common sounding
user names. Or lots of http requests (I've got web on the same server)
for ....setup.php or setup.pl etc. Repeated Auth requests to sendmail.
I've started running fail2ban, which, I feel does a great job of cutting
this down. Is there anything better that's about equally as easy to
setup? Is there any point in making the effort to look up the IP's and
contact the ISP's about this? Or does that just piss off the script
kiddies and make you more of a target. I don't want to have to become a
full on security expert, but I want to make sure I'm doing all the easy
no-brainer stuff that can protect you 99% of the time. I hope that
attitude doesn't offend anyone. I'm not working for a school. I got
into ltsp for home use and just run it for convenience and pleasure.
Dealing with idiots who are trying to break in cuts down on both.
Thanks,
ck
More information about the K12OSN
mailing list