SSH hacked?

Knapp magick.crow at gmail.com
Wed Jan 14 16:30:43 UTC 2009


On Wed, Jan 14, 2009 at 4:24 PM, Derek Broughton <derek at pointerstop.ca> wrote:

> Res wrote:
>
> > On Wed, 14 Jan 2009, Anthony M. Rasat wrote:
> >
> >>
> >> My god, so much effort to protect ourselves from SSH Brute Force attack.
> >>
> >> Why not use fail2ban (http://fail2ban.sourceforge.net)?
> >>
> >> I've been using it for more than a couple of years, it works flawlessly
> >> for my servers.
> >
> > This assumes the bad person only uses the same IP, it's better than
> > nothing, but hardly a real security measure, not to mention all the idiot
> > users you have that screw up their own passwords, generating more work for
> > you.
>
> For once I agree with Res.  _hackers_ don't always use the same IP - that's
> for the script kiddies.  fail2ban is useful - it keeps out specific compromised
> systems that are being used to attack you, but the hackers are finding new
> ones faster than you're banning them.  And again, Res is right about the
> users who forget their passwords - you need to have a simple procedure for
> unbanning their IP at the same time as you reset their password (and
> remember, if they're using dynamic IPs, you may have already banned a number
> of different addresses by the time they ask for a password reset - what do
> you do when a week later the user can't get in because he's been given the
> IP that is still banned).


The answer to that is straight out of the DenyHosts config file. And there
is more but you get the idea.



########################################################################
#
# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
#             when DenyHosts is invoked with the --purge flag
#
#      format is: i[dhwmy]
#      Where 'i' is an integer (eg. 7)
#            'm' = minutes
#            'h' = hours
#            'd' = days
#            'w' = weeks
#            'y' = years
#
# never purge:
PURGE_DENY =
#
# purge entries older than 1 week
#PURGE_DENY = 1w
#
# purge entries older than 5 days
#PURGE_DENY = 5d
#######################################################################

#######################################################################
#
# PURGE_THRESHOLD: defines the maximum times a host will be purged.
# Once this value has been exceeded then this host will not be purged.
# Setting this parameter to 0 (the default) disables this feature.
#
# default: a denied host can be purged/re-added indefinitely
#PURGE_THRESHOLD = 0
#
# a denied host will be purged at most 2 times.
#PURGE_THRESHOLD = 2
#
#######################################################################




-- 
Douglas E Knapp
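
An added illustration, not part of the original message and not DenyHosts' own code: a Python model of the purge behaviour the quoted config comments describe, applied to the dynamic-IP case raised in the thread. The function names, the data layout, the 365-day year and the sample addresses are assumptions made for the example.

```python
import re

# Unit lengths in seconds. Treating a year as 365 days is an assumption
# of this sketch; the config comments only name the units.
UNIT_SECONDS = {"m": 60, "h": 3600, "d": 86400, "w": 604800, "y": 31536000}


def parse_purge_deny(spec):
    """Turn a PURGE_DENY value such as '5d' into seconds; '' means never purge."""
    spec = spec.strip()
    if not spec:
        return None
    match = re.fullmatch(r"(\d+)([dhwmy])", spec)
    if match is None:
        raise ValueError("PURGE_DENY must look like i[dhwmy], got %r" % spec)
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]


def hosts_to_purge(denied, now, purge_deny, purge_threshold=0):
    """Return the hosts a --purge run would release, in sorted order.

    denied maps host -> (time_banned, times_already_purged); this layout
    is hypothetical and chosen for the example.
    """
    max_age = parse_purge_deny(purge_deny)
    if max_age is None:
        return []
    released = []
    for host, (banned_at, purged_before) in sorted(denied.items()):
        too_old = now - banned_at > max_age
        # Reading of PURGE_THRESHOLD taken from "purged at most 2 times":
        # 0 disables the limit, otherwise stop once the count is reached.
        under_limit = purge_threshold == 0 or purged_before < purge_threshold
        if too_old and under_limit:
            released.append(host)
    return released


# Constructed sample data (documentation addresses, made-up timestamps).
DAY = 86400
NOW = 100 * DAY
DENIED = {
    "192.0.2.10": (NOW - 7 * DAY, 0),    # user's old dynamic IP, banned a week ago
    "198.51.100.7": (NOW - 8 * DAY, 2),  # repeat offender, purged twice already
    "203.0.113.5": (NOW - 1 * DAY, 0),   # banned yesterday
}

if __name__ == "__main__":
    print(hosts_to_purge(DENIED, NOW, "5d", purge_threshold=2))
```

With PURGE_DENY = 5d the week-old ban on the recycled dynamic address is released, while PURGE_THRESHOLD = 2 keeps the address that has already been purged twice in the deny list.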
