|
|
#1
10-Dec-2005, 08:05
|
||||
|
||||
Re: Disabling root SSH loginsI just posted a GID Community blog entitled: Disabling root SSH logins.
Quote:
Please let me know what you think. This is an auto-generated message posted by GIDNetwork™ on behalf of the author. |
||||
|
#2
11-Dec-2005, 01:53
|
||||
|
||||
Re: Disabling root SSH loginsGood stuff! Since I only have mine set up as a testing server right now, I really didn't care about people hacking it. But it's always better to error on the safe side. Thanks!
__________________
Start Programming with Python-A beginner's guide to programming and the Python language. ------------- Common Sense v2.0-Striving to make the world a little bit smarter. |
|
#3
30-Mar-2006, 15:22
|
|||
|
|||
Re: Disabling root SSH loginsA very easy way to avoid these login attempts is set the SSH port to whatever you want :
Edit sshd.config and find the lines : #Port 22 #Protocol 2,1 Uncomment the lines and change them for example to : Port 5353 Protocol 2 Then sit and look at your /var/logs/messages  |
|
#4
30-Mar-2006, 20:42
|
||||
|
||||
Re: Disabling root SSH loginsI am actually quite pleased with all my efforts to curb SSHD abuse like this.
While modifying the config files just means that I am making it a bit harder for the person trying to break-in to the server, it doesn't stop them from trying. On a loaded server, unnecessary "traffic" like this can become a pain. A few months back, I wrote a PHP script to run every 5 minutes, read the /var/log/messages log file and report back to me any attempts like these. Here is an example email report I received this morning (for me): Quote:
The first line just shows a line from the log file... The second line is a link to a web site to find out relevant stuff about the IP. The third line is something I can quickly copy and paste to block the IP from ever accessing my server. So far so good, if I am unlucky, I get a "probe" like this once a day... On a good stretch, I get nothing for days. You should see my /etc/apf/deny_hosts.rules file now.  __________________
J de Silva Learning Journal | GIDForums™ | GIDNetwork™ | GIDWebhosts™ | GIDSearch™ |
|
#5
21-Apr-2006, 11:51
|
|||
|
|||
Re: Disabling root SSH loginsYou may want to periodically empty your deny_hosts.rules file... On occassion we have had a client get themselves blocked by APF after too many failed email or FTP login attempts (BFD sends it to APF to be blocked).
But, almost as important as that is the fact that if your deny_hosts.rules gets huge... and therefore the contents of your IPchains/IPtables is very large, it can actually slow down your server as it has to parse through all the rules every time it receives a connection. It shouldn't be a problem with 50 or 100 or more entries, but if your deny_hosts.rules has entries for months or years, you may want to periodically clear it out  _______________________ Cheers, Ronnie T. Moore, owner Messenger: RonnieAWH http://AlwaysWebHosting.com/ -- Friendly, feature-packed Cpanel hosting, that can't be beat! |
Recent GIDBlog
Toyota - 2009 May Promotion by Nihal
| Thread Tools | Search this Thread |
| Rate This Thread | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Linspire: Has anyone used it? | TerryPearson | Computer Software Forum - Linux | 16 | 28-Apr-2005 12:32 |
| Mod rewite to disguise root | JUNK KED | Apache Web Server Forum | 4 | 09-Jan-2005 06:39 |
| IPv6 added by ICANN to Root Servers | 000 | Web Hosting Forum | 3 | 23-Jul-2004 05:04 |
Network Sites: GIDNetwork · GIDWebHosts · GIDSearch · Learning Journal by J de Silva, The
