UGN Security Forums
#17025 - 07/07/05 08:00 PM ssh/auth/apache security
busfault Offline
Junior Member

Registered: 12/20/04
Posts: 22
Loc: NY
I have a fair amount of Linux experience; however, I am not sure what to do, or how to go about working on this issue.
Currently I am allowing only a couple of ways to access my machine (300MHz Pentium with Debian Linux Unstable), which are ftp, http, and ssh. I was looking through my logs and I am getting a bulk of traffic that is obvious script crap. For instance, my auth.log is filled with invalid logins of numerous usernames (alphabetic, I may add), and my Apache logs are filled with obvious attempts to break Apache, well, mostly Windows IIS.
So enough with the scenario. I would like to know how I can make it so that when there are numerous unwanted attempts, I can put their IPs into a blacklist that won't be allowed to connect to my machine at all, so that when that IP tries to connect it doesn't even get to the application. Then perhaps I would like to be able to let that address sit for a period of time before it is let back in, so that I don't block legitimate connections, since people's IPs change.
Any help would be greatly appreciated.
_________________________
-----BEGIN GEEK CODE BLOCK-----
GCS/E d- s++:- a- C+++ UL+++ P+ L++ E-- W- N+ o-- K- w--- O M+ V-- PS++ PE-- Y+ PGP t+ 5++ X+ R+++ tv+ b++ DI++ D--- G++ e+ h r+++ y++++
------END GEEK CODE BLOCK------

#17026 - 07/08/05 01:38 AM Re: ssh/auth/apache security
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7193
Loc: Portland, OR; USA
Use a non-standard port for SSH, disable Telnet; for your Apache you can make a .htaccess file and ban IPs directly (I prefer masks myself); an example would be:

Taken directly from UGN Security's .htaccess file:
Code:
# Deny users IP's #
order allow,deny
#deny from 123.45.6.7 - Bans Direct IP
#deny from 012.34.5. - Bans IP block 012.34.5.*
#deny from .undergroundnews.com - bans host of *.undergroundnews.com
deny from .kestii.go.ro
allow from all
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner
#52490 - 12/19/10 10:58 AM Re: ssh/auth/apache security [Re: busfault]
diggin2deep Offline
UGN Newbie

Registered: 12/19/10
Posts: 6
Loc: New Orleans
The best way to do this is with the Fail2Ban program which comes with a number of filters to help you accomplish just this. Most distros have this in their repositories, just look around a little. You can also set in your sshd.conf that only certain keys can login or that they authenticate with a private key in addition to/instead of a password.

Top
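The ban-then-expire behaviour asked for in the first post, which Fail2Ban exposes through its maxretry, findtime and bantime settings, worked through as an added example (not part of any post above and not Fail2Ban's own code). The log lines are constructed, and the function names `scan` and `is_banned` are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd's syslog format (documentation-range IPs).
SAMPLE_AUTH_LOG = """\
Jul  7 19:58:01 box sshd[4101]: Invalid user alice from 203.0.113.5
Jul  7 19:58:03 box sshd[4101]: Failed password for invalid user alice from 203.0.113.5 port 4021 ssh2
Jul  7 19:58:09 box sshd[4105]: Failed password for invalid user bob from 203.0.113.5 port 4022 ssh2
Jul  7 19:59:30 box sshd[4110]: Failed password for owner from 198.51.100.9 port 5150 ssh2
Jul  7 20:00:02 box sshd[4111]: Accepted password for owner from 198.51.100.9 port 5151 ssh2
Jul  7 20:00:10 box sshd[4120]: Failed password for invalid user carol from 203.0.113.5 port 4023 ssh2
"""

# Anchored at both ends so the source address is always the field that sshd
# wrote just before "port N ssh2", never text smuggled in via the username.
FAILED = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def scan(log_text, year, maxretry=3, findtime=600, bantime=3600):
    """Return {ip: ban_expiry} for IPs with maxretry failures within findtime seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = recent[m.group(2)]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            # The ban is temporary: it lapses bantime seconds after the trigger,
            # so an address later reassigned to someone else is let back in.
            bans[m.group(2)] = when + timedelta(seconds=bantime)
            window.clear()
    return bans

def is_banned(bans, ip, now):
    """True while ip's ban has not yet expired."""
    expiry = bans.get(ip)
    return expiry is not None and now < expiry

if __name__ == "__main__":
    for ip, until in scan(SAMPLE_AUTH_LOG, 2005).items():
        print(f"{ip} blocked until {until}")
```

A single mistyped password from a legitimate address stays under maxretry and is never blocked, and shortening findtime makes slow, spaced-out guessing fall out of the window.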
#52525 - 12/23/10 08:03 AM Re: ssh/auth/apache security [Re: busfault]
Gremelin Offline

Community Owner
*****

Registered: 02/28/02
Posts: 7193
Loc: Portland, OR; USA
Most ISPs don't allow access to the firewall, but I guess that would be useful for personal machines.
_________________________
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner