[K12OSN] reporting and/or stopping cracking attempts on server
Phydeaux
reb at taco.com
Thu Mar 17 17:55:56 UTC 2011
> Hello folks,
>
> For those of you that run servers exposed to the outside world, I just
> wanted to send a ping out and see what others are doing about this. I'm
> seeing an escalation in what I call "brute force" attacks on my server.
> Like people trying to SSH in repeatedly from one IP with common sounding
> user names. Or lots of http requests (I've got web on the same server)
> for ....setup.php or setup.pl etc. Repeated Auth requests to sendmail.
For services where you control who has access, like ssh, I recommend
using a non-standard port, (for ssh that means anything but 22). That
will get rid of the overwhelming majority of script kiddies who try
brute force methods of gaining entry. Things like fail2ban that look
at access attempts and modify firewall rules are another good option.
reb
More information about the K12OSN
mailing list