Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: NickCritten on May 15, 2005, 01:57:54 PM
-
Hi everyone,
I recently upgraded to 6.5rc1 and received a few logwatch emails. I was a bit surprised by the fact that there seems to be some little script kiddie prick (or a few of them) out there trying to get into my server over SSH.
It's a fairly ineffective attack as he's only using 'password' and null passwords with what looks like a username list to brute force his way in.
The only account on my system with SSH access has a very strong password so I'm not that worried, but I'd like to do something to limit these little Arseh0les' ability to do this.
I've looked into using SNORT / ACID but I don't think it will do what I want it to do (Unless I'm misunderstanding what I'm reading about it).
Here's what I would like to do:
1) Limit the number of concurrent sessions from any one IP to two.
2) Set up a delay (Say 20 Seconds) between giving an incorrect password and giving the "Access Denied" message.
3) Deny ALL TCP traffic from any IP which gets 5 Access denied's in a row for an hour.
Could anyone point me in the right direction of some reading material, or some search terms I can throw into the Contribs Search engine or Google? I'm not a lazy git, just need some gentle shoving in the right direction!
Many Thanks!
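
Point 3 in the post above (block an IP for an hour after five denials in a row), worked through as log analysis. This is an added example, not part of the original post or of any SME Server contrib; the log lines are constructed, the sshd message format and the year are assumptions, and it only reports which IPs to block rather than changing the firewall.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in syslog/sshd style (documentation IP ranges).
SAMPLE_LOG = """\
May 15 13:00:01 sme sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40111 ssh2
May 15 13:00:03 sme sshd[2102]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
May 15 13:00:05 sme sshd[2103]: Failed password for root from 203.0.113.7 port 40113 ssh2
May 15 13:00:06 sme sshd[2104]: Failed password for nick from 198.51.100.9 port 51000 ssh2
May 15 13:00:07 sme sshd[2105]: Failed password for invalid user guest from 203.0.113.7 port 40114 ssh2
May 15 13:00:08 sme sshd[2106]: Accepted password for nick from 198.51.100.9 port 51001 ssh2
May 15 13:00:09 sme sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40115 ssh2
May 15 13:30:00 sme sshd[2108]: Failed password for invalid user web from 203.0.113.7 port 40116 ssh2
May 15 14:00:10 sme sshd[2109]: Failed password for invalid user ftp from 203.0.113.7 port 40117 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user |illegal user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

def find_bans(log_text, threshold=5, ban=timedelta(hours=1), year=2005):
    """Return [(ip, ban_start, ban_end)] for IPs with `threshold` failures in a row."""
    streak = {}        # ip -> consecutive failures since the last success
    banned_until = {}  # ip -> end of the current ban
    bans = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd auth result line
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in banned_until and when < banned_until[ip]:
            continue  # already blocked at this time; do not extend the ban
        if m["result"] == "Accepted":
            streak[ip] = 0  # "in a row": a successful login resets the count
            continue
        streak[ip] = streak.get(ip, 0) + 1
        if streak[ip] >= threshold:
            banned_until[ip] = when + ban
            bans.append((ip, when, banned_until[ip]))
            streak[ip] = 0
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"{ip}: drop all TCP from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The legitimate user at 198.51.100.9 mistypes once and then logs in, so the reset on success keeps that address out of the ban list.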
-
NickCritten
Just set up Public & Private keys; there is a HOWTO by Ian Wells that is quite good.
http://www.wellsi.com/sme
Then turn off passwords in server manager remote access and no-one will be able to ssh into your box except you, very securely too!
-
And if you want to annoy the script kiddies even more, change your port number for SSH. There is a howto here:
http://no.longer.valid/phpwiki/index.php/Changing%20the%20default%20ssh%20port
-
Hi RayMitchell & gizzmo2k1,
Thanks for your suggestions, I've been ill recently so haven't given them a go yet. I'll post back when I have a chance to implement this.
Cheers,