Fred Stluka on 24 Aug 2018 14:53:48 -0700
Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...

Michael,

BTW, here's the script I use for creating and installing SSH keys:
- http://bristle.com/Tips/Unix.htm#script_authorize_ssh_key

Enjoy!
--Fred
------------------------------------------------------------------------
Fred Stluka -- Bristle Software, Inc. -- http://bristle.com
#DontBeATrump -- Make America Honorable Again!
------------------------------------------------------------------------

On 8/24/18 5:17 PM, Fred Stluka wrote:
> Michael,
>
> Yeah, I use key pairs also. And have configured ssh to not allow root
> logins, only a VERY small list of non-standard usernames. So, all the
> hackers trying to guess the passwords for root, apache, and a bunch of
> others are just wasting their time.
>
> I still like fail2ban since it chases off hackers in a lightweight way,
> and tips them to the fact that I have active security measures in place,
> so they should go elsewhere to look for an easier target.
>
> Blocklist looks interesting. Thanks!
> --Fred
>
> On 8/17/18 4:08 PM, Michael Lazin wrote:
>> I used to use this for fail2ban auto reporting:
>> http://www.blocklist.de/en/index.html
>>
>> Just be aware it makes server load because it sends mail via exim to
>> report the attacks to blocklist.de, who in turn report it to the
>> attacking ISPs. I used to work at a large webhosting company and we
>> would get reports from them. I've come to really prefer using ssh key
>> pairs which AWS and Azure force you to use. Key pairs obviate the need
>> for fail2ban.
>>
>> Cheers,
>> Michael
>>
>> On Fri, Aug 17, 2018 at 3:42 PM, Fred Stluka <fred@bristle.com> wrote:
>>> Linux admins,
>>>
>>> As you may have noticed, there's been a massive upswing in hacking
>>> attempts from China in the past couple weeks. My servers now get hit
>>> an additional hundreds or thousands of times per day.
>>>
>>> You may want to check your logs and beef up your security. See my
>>> recently posted tip:
>>> - Log IP addresses for fail2ban
>>>   http://bristle.com/Tips/Unix.htm#log_ip_addresses_for_fail2ban
>>>
>>> It describes a change I had to make to my FTP server to get fail2ban
>>> to properly block attackers who were gaming their own DNS entries.
>>>
>>> --Fred
>>
>> --
>> Michael Lazin
>> to gar auto estin noein te kai ennai

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug