SSH hacked?
Derek Broughton
derek at pointerstop.ca
Wed Jan 14 15:24:16 UTC 2009
Res wrote:
> On Wed, 14 Jan 2009, Anthony M. Rasat wrote:
>
>>
>> My god, so much effort to protect ourselves from SSH Brute Force attack.
>>
>> Why not use fail2ban (http://fail2ban.sourceforge.net)?
>>
>> I've been using it for more than a couple of years, it works flawlessly
>> for my servers.
>
> This assumes the bad person only uses the same IP, it's better than
> nothing, but hardly a real security measure, not to mention all the idiot
> users you have that screw up their own passwords, generating more work for
> you.
For once I agree with Res. _hackers_ don't always use the same IP - that's
for the script kiddies. fail2ban is useful - it keeps out specific compromised
systems that are being used to attack you, but the hackers are finding new
ones faster than you're banning them. And again, Res is right about the
users who forget their passwords - you need to have a simple procedure for
unbanning their IP at the same time as you reset their password (and
remember, if they're using dynamic IPs, you may have already banned a number
of different addresses by the time they ask for a password reset - what do
you do when a week later the user can't get in because he's been given the
IP that is still banned).
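
Added example, not part of the original message: a per-address failure counter next to a per-account view of the same sshd failures, showing the two cases raised above (one account tried from many addresses, and a user banned on several dynamic addresses). The log lines, thresholds and function names are constructed for illustration and are not fail2ban's own code or configuration.

```python
import re
from collections import Counter, defaultdict

def _line(user, ip):
    # Constructed sshd-style failure line; host, PID and port are made up.
    return (f"Jan 14 15:00:00 host sshd[1200]: "
            f"Failed password for {user} from {ip} port 40000 ssh2")

# Constructed sample log (documentation-range addresses only):
#  - root is tried once each from five different addresses
#  - alice mistypes her password three times from each of two dynamic addresses
SAMPLE_LOG = "\n".join(
    [_line("root", f"198.51.100.{i}") for i in range(1, 6)]
    + [_line("alice", "203.0.113.7")] * 3
    + [_line("alice", "203.0.113.99")] * 3
)

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
MAX_RETRY = 3    # assumed per-address failure threshold before a ban
MIN_SOURCES = 4  # assumed count of distinct addresses that marks an account as targeted

def failures(log):
    """Yield (user, ip) for every failed-password line."""
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            yield m.group(1), m.group(2)

def banned_by_address(log, max_retry=MAX_RETRY):
    """Addresses a per-address counter would ban."""
    counts = Counter(ip for _, ip in failures(log))
    return sorted(ip for ip, n in counts.items() if n >= max_retry)

def targeted_accounts(log, min_sources=MIN_SOURCES):
    """Accounts failing from many addresses, however few tries each address made."""
    sources = defaultdict(set)
    for user, ip in failures(log):
        sources[user].add(ip)
    return sorted(u for u, ips in sources.items() if len(ips) >= min_sources)

def unban_candidates(log, user, max_retry=MAX_RETRY):
    """Banned addresses whose failures were for this user (check on password reset)."""
    banned = set(banned_by_address(log, max_retry))
    return sorted({ip for u, ip in failures(log) if u == user} & banned)

if __name__ == "__main__":
    print("banned per address:", banned_by_address(SAMPLE_LOG))
    print("targeted accounts: ", targeted_accounts(SAMPLE_LOG))
    print("unban for alice:   ", unban_candidates(SAMPLE_LOG, "alice"))
```

On the sample, the per-address counter bans only alice's two addresses and none of the five used against root, while the per-account view flags root.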