UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
Su M Tu W Th F Sa
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Sponsored Links
Latest Postings
by lmnopq127978
Yesterday at 04:09 AM
by lmnopq127978
Yesterday at 04:08 AM
by lmnopq127978
Yesterday at 04:07 AM
by lmnopq127978
Yesterday at 04:07 AM
by lmnopq127978
Yesterday at 01:16 AM
by lmnopq127978
01/25/15 07:09 PM
Latest Reviews
Topic Options
Rate This Topic
#17025 - 07/07/05 08:00 PM ssh/auth/apache security
busfault Offline
Junior Member

Registered: 12/20/04
Posts: 22
Loc: NY
I have a fair amount of Linux experience, however I am not sure what to do, or how to go about, working on this issue.
Currently I am allowing only a couple of ways to access my machine (300MHz Pentium with Debian Linux Unstable) of which are ftp, http, and ssh. I was looking through my logs and I am getting a bulk of traffic that is obvious script crap. For instance my auth.log is filled with invalid logins of numerous usernames, (alphabetic I may add) and in my Apache logs they are filled with obvious attempts to break Apache, well mostly Windows IIS.
So enough with the scenario, I would like to know how I can make it so that when there are numerous unwanted attempts that I can put their IPs into a blacklist that won't be allowed to connect to my machine at all. So that when that IP tries to connect it doesn't even get to the application. Then perhaps I would like to be able to let that address sit for a period of time before it is let back in, so that I don't block legitimate connections since person's IPs change.
Any help would be greatly appreciated.
GCS/E d- s++:- a- C+++ UL+++ P+ L++ E-- W- N+ o-- K- w--- O M+ V-- PS++ PE-- Y+ PGP t+ 5++ X+ R+++ tv+ b++ DI++ D--- G++ e+ h r+++ y++++

Sponsored Links
#17026 - 07/08/05 01:38 AM Re: ssh/auth/apache security
Gremelin Offline

Community Owner

Registered: 02/28/02
Posts: 7193
Loc: Portland, OR; USA
Use a non-standard port for SSH, disable Telnet; for your apache you can make a .htaccess file and ban ip's directly (I prefer masks myself); an example would be:

Taken directly from UGN Security's .htaccess file:
# Deny users IP's #
order allow,deny
#deny from - Bans Direct IP
#deny from 012.34.5. - Bans IP block 012.34.5.*
#deny from - bans host of *
deny from
allow from all
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner

#52490 - 12/19/10 10:58 AM Re: ssh/auth/apache security [Re: busfault]
diggin2deep Offline
UGN Newbie

Registered: 12/19/10
Posts: 6
Loc: New Orleans
The best way to do this is with the Fail2Ban program which comes with a number of filters to help you accomplish just this. Most distros have this in their repositories, just look around a little. You can also set in your sshd.conf that only certain keys can login or that they authenticate with a private key in addition to/instead of a password.

#52525 - 12/23/10 08:03 AM Re: ssh/auth/apache security [Re: busfault]
Gremelin Offline

Community Owner

Registered: 02/28/02
Posts: 7193
Loc: Portland, OR; USA
Most ISP's don't allow access to the firewall, but I guess that would be useful for personal machines.
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner


Moderator:  Infinite 
Featured Member
Registered: 02/28/02
Posts: 7193
Forum Stats
2153 Members
46 Forums
36618 Topics
71788 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 29773
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
claralobo, cdefgh368568, HushHush, golqm, Tim050
2152 Registered Users
Who's Online
1 registered (lmnopq127978), 301 Guests and 247 Spiders online.
Key: Admin, Global Mod, Mod
Latest News

  Get Firefox!
Get FireFox!