SSH hacked?
Knapp
magick.crow at gmail.com
Wed Jan 14 16:30:43 UTC 2009
On Wed, Jan 14, 2009 at 4:24 PM, Derek Broughton <derek at pointerstop.ca> wrote:
> Res wrote:
>
> > On Wed, 14 Jan 2009, Anthony M. Rasat wrote:
> >
> >>
> >> My god, so much effort to protect ourselves from SSH Brute Force attack.
> >>
> >> Why not use fail2ban (http://fail2ban.sourceforge.net)?
> >>
> >> I've been using it for more than a couple of years, it works flawlessly
> >> for my servers.
> >
> > This assumes the bad person only uses the same IP, it's better than
> > nothing, but hardly a real security measure, not to mention all the idiot
> > users you have that screw up their own passwords, generating more work for
> > you.
>
> For once I agree with Res. _hackers_ don't always use the same IP - that's
> for the script kiddies. fail2ban is useful - it keeps out specific compromised
> systems that are being used to attack you, but the hackers are finding new
> ones faster than you're banning them. And again, Res is right about the
> users who forget their passwords - you need to have a simple procedure for
> unbanning their IP at the same time as you reset their password (and
> remember, if they're using dynamic IPs, you may have already banned a number
> of different addresses by the time they ask for a password reset - what do
> you do when a week later the user can't get in because he's been given the
> IP that is still banned).
The answer to that is straight out of the DenyHosts config file. And there
is more, but you get the idea.
########################################################################
#
# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
# when DenyHosts is invoked with the --purge flag
#
# format is: i[dhwmy]
# Where 'i' is an integer (eg. 7)
# 'm' = minutes
# 'h' = hours
# 'd' = days
# 'w' = weeks
# 'y' = years
#
# never purge:
PURGE_DENY =
#
# purge entries older than 1 week
#PURGE_DENY = 1w
#
# purge entries older than 5 days
#PURGE_DENY = 5d
#######################################################################
#######################################################################
#
# PURGE_THRESHOLD: defines the maximum times a host will be purged.
# Once this value has been exceeded then this host will not be purged.
# Setting this parameter to 0 (the default) disables this feature.
#
# default: a denied host can be purged/re-added indefinitely
#PURGE_THRESHOLD = 0
#
# a denied host will be purged at most 2 times.
#PURGE_THRESHOLD = 2
#
#######################################################################
--
Douglas E Knapp
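
The purge behaviour described in the config comments quoted in this message, as an added example that is not part of the original post and is not DenyHosts' own code. It models how PURGE_DENY and PURGE_THRESHOLD interact for the dynamic-IP lockout case raised in the thread; the function names, the sample entries and the 365-day year are assumptions.

```python
import re

# Unit letters as listed in the quoted config comment ('m' = minutes).
# Assumption: a year is counted as 365 days.
UNIT_SECONDS = {"m": 60, "h": 3600, "d": 86400, "w": 7 * 86400, "y": 365 * 86400}

def parse_purge_deny(value):
    """Return the purge age in seconds, or None for a blank value (never purge)."""
    value = value.strip()
    if not value:
        return None
    match = re.fullmatch(r"(\d+)([dhwmy])", value)
    if match is None:
        raise ValueError(f"bad PURGE_DENY value: {value!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]

def select_purgeable(entries, now, purge_deny, purge_threshold=0):
    """entries: list of (host, denied_at_epoch, times_already_purged).
    Returns the hosts a --purge run would remove under this model."""
    max_age = parse_purge_deny(purge_deny)
    if max_age is None:
        return []
    purgeable = []
    for host, denied_at, purged in entries:
        too_young = now - denied_at <= max_age
        # Threshold 0 disables the cap; otherwise a host is purged at most N times,
        # so a repeat offender eventually stays banned for good.
        capped = purge_threshold > 0 and purged >= purge_threshold
        if not too_young and not capped:
            purgeable.append(host)
    return purgeable

# Constructed sample data (documentation addresses from RFC 5737).
NOW = 1_231_950_643
DAY = 86400
SAMPLE = [
    ("192.0.2.10", NOW - 10 * DAY, 0),    # old ban, never purged before
    ("192.0.2.20", NOW - 2 * DAY, 0),     # recent ban
    ("198.51.100.7", NOW - 30 * DAY, 2),  # old ban, already purged twice
]

if __name__ == "__main__":
    for setting in ("", "1w", "5d"):
        print(repr(setting), select_purgeable(SAMPLE, NOW, setting, purge_threshold=2))
```

With a blank PURGE_DENY nothing is ever released, which is the week-later lockout described above; with `1w` the stale ban is dropped while the host that has already been purged twice stays denied.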