Howto: Preventing Brute Force Attacks
The Planet Forums > Security > General Security > UNIX Security
ramprage
I've just written an article on preventing brute force hack attempts I thought you all might be interested in reading at
http://www.webhostgear.com/240.html

Thanks

Steve
awood
Nice article. I often cite your guides in our support tickets! :) You probably get a lot of referrerless hits for #61, #60, and #34! :)

You might also consider suggesting the following:

* Use strong passwords. As computer hardware advances, the practice of using strong passwords becomes increasingly important. Strong passwords should have at least 10 characters and consist of lower and uppercase letters, numbers, and symbols. By enforcing strong passwords you can successfully defend against the vast majority of brute force attacks.

* Set up SSH to use keys instead of passwords.

* Change the SSH port to mitigate the automated attempts.

* Disable direct root login in /etc/ssh/sshd_config and add a dummy user which has the appropriate access to become the root user.

* NEVER set up an account with a password identical to the username. (Not even if it is only temporary!)
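Added example, not part of awood's post or the linked article: a small sh script that audits an sshd_config against the list above. The two config fragments are constructed for the example. The defaults it assumes for unset keywords (PermitRootLogin yes, PasswordAuthentication yes, ChallengeResponseAuthentication yes, PubkeyAuthentication yes, Port 22) are those of the OpenSSH versions of the period; it ignores Match blocks and the Keyword=value form. The point worth knowing is that sshd honours the first occurrence of a keyword, so a hardening line appended below a permissive one changes nothing, and the checker reads the file the same way.

```shell
#!/bin/sh
# Added example (not from the article or the post): audit an sshd_config for the
# settings listed above. sshd honours the FIRST occurrence of a keyword, so a
# hardening line appended below a permissive one does nothing; the checker
# reads the file the same way. Assumptions: the defaults used for unset keywords
# are those of OpenSSH of this period; Match blocks and Keyword=value are ignored.

# Constructed fragments: a permissive config beside the one the post asks for.
WEAK_CONFIG='#Port 22
#PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes'

HARDENED_CONFIG='Port 2222
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers steve'

# sshd_get KEYWORD DEFAULT: print the effective (lower-cased) value of KEYWORD
# from sshd_config text on stdin: first match wins, keywords are
# case-insensitive, comment lines are skipped, DEFAULT is used when unset.
sshd_get() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# sshd_check KEYWORD DEFAULT WANTED MESSAGE: one line of audit output, using the
# config text held in $cfg; sets rc=1 on a mismatch.
sshd_check() {
    got=$(printf '%s\n' "$cfg" | sshd_get "$1" "$2")
    if [ "$got" = "$3" ]; then
        printf 'ok    %s %s\n' "$1" "$got"
    else
        printf 'WARN  %s is %s: %s\n' "$1" "$got" "$4"
        rc=1
    fi
}

# sshd_audit: read sshd_config on stdin, print one line per check, return
# non-zero if any check warned.
sshd_audit() {
    cfg=$(cat)
    rc=0
    sshd_check PermitRootLogin yes no 'disable direct root login and su/sudo from an unprivileged account'
    sshd_check PasswordAuthentication yes no 'use keys; a password guesser needs a password prompt'
    sshd_check ChallengeResponseAuthentication yes no 'keyboard-interactive via PAM still accepts passwords'
    sshd_check PubkeyAuthentication yes yes 'keep key logins enabled before turning passwords off'
    port=$(printf '%s\n' "$cfg" | sshd_get Port 22)
    if [ "$port" = 22 ]; then
        printf 'note  Port 22: moving it only thins automated scans, it is not a control\n'
    else
        printf 'ok    Port %s\n' "$port"
    fi
    return $rc
}

# Usage: the hardened fragment passes, the weak one returns non-zero.
printf '%s\n' "$HARDENED_CONFIG" | sshd_audit
printf '%s\n' "$WEAK_CONFIG" | sshd_audit || echo 'weak config fails the audit'
```

Run it against a live file with `sshd_audit < /etc/ssh/sshd_config`. The ChallengeResponseAuthentication check is the one people miss: with PAM in the picture, turning off PasswordAuthentication alone still leaves a password prompt for a guesser to hammer.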
rsanchez
QUOTE (ramprage)
I've just written an article on preventing brute force hack attempts I thought you all might be interested in reading at
http://www.webhostgear.com/240.html

Thanks

Steve


Keep those articles coming. i'm using them too...
ghideout
As am I, your website is a great resource.
Paul
The best way of protecting SSH is to limit access to your IP, spyglass IPs, monitoring IPs, and the IPs of a friend's (or another of your own) server (with a basic user account for you on it, so that in case your IP changes and the remote console is b0rked you can log in via their server).
Fisherman
Are APF and BFD fairly easy to install? Any trouble to watch out for?
Fisherman
I just installed APF and after editing the configuration file and starting it, I got these messages. What am I doing wrong?

CODE
/usr/local/sbin/apf -s
/usr/local/sbin/apf: /etc/apf/conf.apf: line 228: syntax error near unexpected token `('
/usr/local/sbin/apf: /etc/apf/conf.apf: line 228: `Common egress (outbound) TCP ports'
/usr/local/sbin/apf: line 49: eout: command not found
touch: file arguments missing
Try `touch --help' for more information.
chmod: too few arguments
Try `chmod --help' for more information.
touch: file arguments missing
Try `touch --help' for more information.
chmod: too few arguments
Try `chmod --help' for more information.
touch: file arguments missing
Try `touch --help' for more information.
chmod: too few arguments
Try `chmod --help' for more information.
/usr/local/sbin/apf: line 63: ds: command not found
/etc/apf/vnet/vnetgen: /etc/apf/conf.apf: line 228: syntax error near unexpected token `('
/etc/apf/vnet/vnetgen: /etc/apf/conf.apf: line 228: `Common egress (outbound) TCP ports'
/etc/apf/firewall: /etc/apf/conf.apf: line 228: syntax error near unexpected token `('
/etc/apf/firewall: /etc/apf/conf.apf: line 228: `Common egress (outbound) TCP ports'
/etc/apf/firewall: line 34: eout: command not found
/usr/local/sbin/apf: line 69: bandmin: command not found
/usr/local/sbin/apf: line 70: eout: command not found
Fisherman
I found the problem line and it was supposed to be commented out.

I think it's installed and running. How do I know if it's working properly? This time when I started it I got the message below.

QUOTE
/usr/local/sbin/apf -s
Development mode enabled!; firewall will flush every 5 minutes.


Then when I took it out of dev mode I got no message after starting. No error message but I thought it would at least say something like, "Yes sir! I'm on the job."
Fisherman
Got BFD installed and working.

I added a range of IPs to the ignore host file. I guess I got it right. I can still log in. Is this the right format? ***.***.**.* - ***.***.***.**

Thanks!
Fisherman
Anybody home?
KTFCC
Fisherman, there is no need to repost like that.

APF and BFD: if you have any questions there is plenty of help out there. You can even contact the owners of the software. Just do not expect 25/7 support from the community.


But to answer your question: yes, they are easy to install.

QUOTE (Fisherman)
Then when I took it out of dev mode I got no message after starting. No error message but I thought it would at least say something like, "Yes sir! I'm on the job."


Usually when a program returns to the command prompt it is working just fine.

May I ask how many years of experience with Linux you have had?
dball
QUOTE (Fisherman)
I found the problem line and it was supposed to be commented out.

I think it's installed and running. How do I know if it's working properly? This time when I started it I got the message below.

QUOTE
/usr/local/sbin/apf -s
Development mode enabled!; firewall will flush every 5 minutes.


Then when I took it out of dev mode I got no message after starting. No error message but I thought it would at least say something like, "Yes sir! I'm on the job."


It should be running as a service so you can try the command

QUOTE
service apf restart


and you should get 2 lines, one for when it stopped and one from when it started. They should say [failed] or [ok].

Also, you can run the command

QUOTE
iptables -L


and compare the results when apf is stopped and when it is started. You should see a LOT of firewall entries that apf has added.

IIRC, when you start APF it just adds a bunch of iptables firewall rules and stops. The Linux firewall takes it from there.

BFD runs every few minutes from a cron job and when it wants to ban an IP, it issues a command something like
QUOTE
apf -d 111.222.333.444
to ban the IP. Actually, I think later versions might have a slightly different syntax for banning an IP since they include a comment when they add a host to /etc/apf/deny_hosts.rules like the two following IPs which my server recently banned

QUOTE
# added 67.114.152.251 on 08/29/05 12:10:02
# {bfd.sshd}
67.114.152.251
# added 66.70.235.202 on 08/30/05 10:30:02
# {bfd.sshd}
66.70.235.202


Typing the following line will give you some help text for apf. There's no man page.
QUOTE
apf --help


BTW, be careful to always use IP addresses. IIRC, one version of BFD (I think it was the version that was banning hosts exim rejected) was banning using host names. It worked at the time BFD banned the host, but the system would lock up on boot because apf started before the nameserver, so it had no way to look up the names and get IP addresses during boot. It required physical access to the console to get past that problem.


-- David
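Added example, not BFD's or APF's own code: a BFD-style pass over sshd log lines in sh, following David's description. It counts failed logins per source, turns repeat offenders into the `apf -d <ip>` bans quoted above, and formats deny_hosts.rules entries the way the post shows them. The log lines, hosts and addresses are constructed; the ban command uses the `apf -d` form quoted in the post, and the real BFD may use a different one. Anything that is not a dotted-quad IPv4 address is refused, so a hostname can never land in a rule that apf would have to resolve at boot before the resolver is up, which is the lockup David describes.

```shell
#!/bin/sh
# Added example (not BFD's or APF's own code): a BFD-style pass over sshd log
# lines. It counts failed logins per source, turns repeat offenders into the
# `apf -d <ip>` bans described above, and formats deny_hosts.rules entries the
# way the post shows them. Anything that is not a dotted-quad IPv4 address is
# refused, so a hostname can never end up in a rule that apf must resolve at
# boot before the resolver is up.

# Constructed sample log lines; hosts, addresses and times are made up.
SAMPLE_LOG='Aug 29 12:09:41 web1 sshd[2231]: Failed password for root from 67.114.152.251 port 4021 ssh2
Aug 29 12:09:43 web1 sshd[2231]: Failed password for root from 67.114.152.251 port 4022 ssh2
Aug 29 12:09:45 web1 sshd[2233]: Failed password for invalid user admin from 67.114.152.251 port 4023 ssh2
Aug 29 12:09:58 web1 sshd[2240]: Failed password for invalid user test from 66.70.235.202 port 3301 ssh2
Aug 29 12:10:02 web1 sshd[2241]: Accepted publickey for steve from 10.0.0.5 port 50022 ssh2
Aug 29 12:10:09 web1 sshd[2244]: Failed password for invalid user oracle from 66.70.235.202 port 3302 ssh2
Aug 29 12:10:30 web1 sshd[2250]: Failed password for steve from badhost.example port 1000 ssh2'

# is_ipv4 ADDR: succeed only for four dot-separated decimal octets, each 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { exit 0 }'
}

# offenders THRESHOLD: read sshd log lines on stdin and print "<count> <source>"
# for every source with at least THRESHOLD failed password attempts.
offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (src in fails) if (fails[src] >= min) print fails[src], src }' | sort -k 2
}

# ban_commands THRESHOLD: print the apf -d command for each offender, refusing
# (on stderr) any source that is not an IPv4 address.
ban_commands() {
    offenders "$1" | while read -r count src; do
        if is_ipv4 "$src"; then
            printf 'apf -d %s\n' "$src"
        else
            printf 'refusing to ban %s (%s failures): not an IPv4 address\n' "$src" "$count" >&2
        fi
    done
}

# deny_rule ADDR STAMP: the three-line deny_hosts.rules entry shown in the post.
deny_rule() {
    printf '# added %s on %s\n# {bfd.sshd}\n%s\n' "$1" "$2" "$1"
}

# Usage: dry run over the sample with a threshold of two failures. Pipe the
# output into sh (or run the commands by hand) to actually apply the bans.
printf '%s\n' "$SAMPLE_LOG" | ban_commands 2
deny_rule 66.70.235.202 "$(date '+%m/%d/%y %H:%M:%S')"
```

The dry run is deliberate: print the `apf -d` lines first and only feed them to a shell once you are happy with the threshold, since a low threshold plus a shared NAT address will lock out your own users just as readily as the attacker.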
Fisherman
Thanks David. I really appreciate the help. I'm learning this stuff a little at a time.

KTFCC - No need to be rude.
Serhat
QUOTE (Fisherman)
KTFCC - No need to be rude.

Unless things were deleted, he was only pointing out that it's perceived as contrary to netiquette to repost. It is sometimes necessary to point out such things out to people who have not yet familiarized themselves with it. Thus, there was indeed a need ;-)
Fisherman
QUOTE (Serhat)
QUOTE (Fisherman)
KTFCC - No need to be rude.

Unless things were deleted, he was only pointing out that it's perceived as contrary to netiquette to repost. It is sometimes necessary to point out such things out to people who have not yet familiarized themselves with it. Thus, there was indeed a need ;-)


No. Actually, he was telling me that I shouldn't expect help from the community, which is what this place is for. I very rarely ask questions in here. Very rarely. I often find what I need elsewhere or in a book. When I do ask a question I get flak for it?!? What the heck is that?

There was no repost. I was bumping the thread which is common.

I may ask another question some day. Is that ok?
KTFCC
Funny thing about the net. Interpreting things is easy. That is, except for my spelling; no interpretation there, I suck at it.

Anyways, my comment was giving you direction on how to get help easily. If a thread gets down to the bottom, one of two things has happened: 1) no one knows, 2) they are too busy to answer. Or they require more info.

So I was just telling you there are other places to ask the same question, and maybe get a question answered sooner, since it seemed like you were in a hurry.

And I was just citing netiquette. Not being rude.
Serhat
QUOTE (Fisherman)
No. Actually, he was telling me that I shoudn't expect help from the community...

Sorry to argue, but he wasn't saying that you couldn't get help at all, but 25/7 (probably meaning 24/7). This is not the place to get the quickest answer, although you did get an accurate answer eventually.

He did have a point about unix (linux) typically not giving confirmation of a successful operation, but only of failure.

QUOTE (Fisherman)
I may ask another question some day. Is that ok?

It's not up to me or anyone else to determine what you can or cannot ask :-) I regularly ask questions myself and that's one good way of learning things.
Fisherman
Ok. Point made. I was just a little aggravated being told things I already knew and being corrected for "netiquette". Give me a break. My etiquette is just fine.

So, I'm sorry for getting angry with you two.

QUOTE (Serhat)
QUOTE (Fisherman)
No. Actually, he was telling me that I shoudn't expect help from the community...

Sorry to argue, but he wasn't saying that you couldn't get help at all, but 25/7 (probably meaning 24/7). This is not the place to get the quickest answer, although you did get an accurate answer eventually.

He did have a point about unix (linux) typically not giving confirmation of a successful operation, but only of failure.

QUOTE (Fisherman)
I may ask another question some day. Is that ok?

It's not up to me or anyone else to determine what you can or cannot ask :-) I regularly ask questions myself and that's one good way of learning things.


Serhan, That "question some day" thing was sarcasm in case you didn't know.
Serhat
QUOTE (Fisherman)
Give me a break. My ettiquite is just fine.

Your statement is consistent in the sense that the person who demonstrates lack of familiarity with netiquette cannot be the same one to judge what is proper netiquette. In general - not just on the internet - someone who asks for free favours should show modesty and not express impatience. It is unfortunately too common for people to become irritated and angry when they are confronted with criticism. Perhaps it can be attributed to cognitive dissonance.

QUOTE (Fisherman)
Serhan [sic], That "question some day" thing was sarcasm in case you didn't know.

One cannot be reasonably faulted for misinterpreting a potentially negative remark as a positive one. It is one of the few errors that one rarely ends up regretting.
Fisherman
You can believe what you want to. I was just bumping a thread and that's common. Do you correct everyone that does that? I get on this thing two or three times a year and don't need this stuff when I do. I wasn't impatient with the community (Ok, maybe a little at this point in time) but was wondering where the fellows were that I was on the phone with at the time, and bumped the thread so they could see it. That's all.

BTW - When I have a helpful correction for someone, I PM them and don't do it in public. (I've never really done it even when I wanted to.)

Maybe I should have ignored it and let it go but I was having a real bad couple of days and guess I let that one more thing bother me. I have since apologised for getting angry and snapping back at you so lighten up.

That's all I'll say about this. You can have the last word if you like. I'll see ya in a few months.
KTFCC
Interpretation. It all has to do with that.

The best way to bump a thread is A) not to do it at all.

But if it is necessary, post the bump with content other than "Anyone home?", as that implies an expected, demanded response.

Note this post is made to teach all, not just you. You just happen to be the example. It was not meant to criticize, just a reminder.

Said with all politeness and friendliness.
Serhat
Okay, no harm was done. Your suggestion about sending a PM is a good one and I'll remember that next time. It does indeed put someone on the defensive if criticism is placed in public. That goes both ways of course.