[OT] Home Email Server?

"Terrell Prudé Jr." microman at cmosnetworks.com
Thu Mar 12 17:45:24 GMT 2009



Bruce Marshall wrote:
> On Wednesday 11 March 2009, Alan Dacey wrote:
>   
>> I believe that you can re-map the ports on your machine so that the
>> 'standard' ones can be changed.  For example you can remap port 443 to
>> 56189.  You could then ssh to port 56189 and the software inside your
>> machine would never know the difference.  Unless your ISP blocks
>> everything, you are good to go.  I have not done this, yet, but I have read
>> about it doing research to set up my own home ubuntu server.
>>     
>
> I routinely (as in always) tell ssh to use a port above 10000.  Saves a lot of 
> usage by the script kiddies who want to beat on port 22.
>   

Fail2Ban is your friend here.  It's like DenyHosts, but using IPTABLES 
rules for blocking instead of hosts.deny.  Moving the port isn't really 
a complete solution, because you *will* be found in short order, and 
then the attacks will commence on that port.  Some might get lucky, but 
too many others don't.

I've been using Fail2Ban for about a year, and script kiddies always get 
blocked (totally, not just SSH) with an IPTABLES rule after 6 attempts 
(all this is configurable).  I have it set to release that IPTABLES 
block after 24 hours.  It's very effective.

  http://www.fail2ban.org/

And yes, it is in both the Debian and Ubuntu repositories.

So, no need to try moving your SSH server port around.  With tools like 
this one, you can just use TCP 22 like normal.

--TP
_______________________________
Do you GNU <http://www.gnu.org>?
Microsoft Free since 2003 <http://www.cmosnetworks.com>--the ultimate 
antivirus protection!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/kubuntu-users/attachments/20090312/36004d59/attachment.htm 


More information about the kubuntu-users mailing list