UGN Security Forums
#17025 - 07/07/05 08:00 PM ssh/auth/apache security
busfault Offline
Junior Member

Registered: 12/20/04
Posts: 22
Loc: NY
I have a fair amount of Linux experience; however, I am not sure what to do, or how to go about working on this issue.
Currently I am allowing only a couple of ways to access my machine (300MHz Pentium with Debian Linux Unstable), which are ftp, http, and ssh. I was looking through my logs and I am getting a bulk of traffic that is obvious script crap. For instance, my auth.log is filled with invalid logins for numerous usernames (alphabetic, I may add), and my Apache logs are filled with obvious attempts to break Apache, well, mostly Windows IIS.
So enough with the scenario, I would like to know how I can make it so that when there are numerous unwanted attempts I can put their IPs into a blacklist that won't be allowed to connect to my machine at all, so that when that IP tries to connect it doesn't even get to the application. Then perhaps I would like to be able to let that address sit for a period of time before it is let back in, so that I don't block legitimate connections, since people's IPs change.
Any help would be greatly appreciated.
_________________________
-----BEGIN GEEK CODE BLOCK-----
GCS/E d- s++:- a- C+++ UL+++ P+ L++ E-- W- N+ o-- K- w--- O M+ V-- PS++ PE-- Y+ PGP t+ 5++ X+ R+++ tv+ b++ DI++ D--- G++ e+ h r+++ y++++
------END GEEK CODE BLOCK------

#17026 - 07/08/05 01:38 AM Re: ssh/auth/apache security
Gizmo Administrator Offline
Community Owner

Registered: 02/28/02
Posts: 6933
Loc: Portland, OR; USA
Use a non-standard port for SSH, disable Telnet; for your Apache you can make a .htaccess file and ban IPs directly (I prefer masks myself); an example would be:

Taken directly from UGN Security's .htaccess file:
Code:
# Deny users IP's #
order allow,deny
#deny from 123.45.6.7 - Bans Direct IP
#deny from 012.34.5. - Bans IP block 012.34.5.*
#deny from .undergroundnews.com - bans host of *.undergroundnews.com
deny from .kestii.go.ro
allow from all
_________________________
Donate to UGN Security here.
UGN Security, Elite Web Gamers & VNC Web Design Owner
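
The time-limited blacklist the first post asks for can be sketched as below; this is an added example, not code from either poster. It assumes the stock OpenSSH "Failed password" line in auth.log, and the thresholds, sample lines and function names are illustrative assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure line; the address is taken from the END of the line so that
# text inside the (remote-supplied) username cannot stand in for it.
FAIL_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?$")

def find_bans(lines, year, max_fails=3, window=timedelta(minutes=10),
              ban_time=timedelta(hours=1)):
    """Return {ip: ban_expiry} for IPs with max_fails failures inside window."""
    recent = defaultdict(deque)            # ip -> recent failure timestamps
    bans = {}
    for line in lines:
        m = FAIL_RE.match(line.rstrip())
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(2)]
        q.append(when)
        while when - q[0] > window:        # forget failures outside the window
            q.popleft()
        if len(q) >= max_fails:
            bans[m.group(2)] = when + ban_time   # further failures renew the ban
    return bans

def active_rules(bans, now):
    """iptables DROP commands for bans still in force at `now`."""
    return [f"iptables -I INPUT -s {ip} -j DROP"
            for ip, expiry in sorted(bans.items()) if expiry > now]

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    "Jul  7 20:00:01 box sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 4101 ssh2",
    "Jul  7 20:00:03 box sshd[811]: Failed password for invalid user alice from 192.0.2.10 port 4102 ssh2",
    "Jul  7 20:00:07 box sshd[815]: Failed password for root from 192.0.2.10 port 4103 ssh2",
    "Jul  7 20:05:00 box sshd[830]: Failed password for busfault from 198.51.100.7 port 5000 ssh2",
    "Jul  7 20:30:00 box sshd[860]: Accepted password for busfault from 198.51.100.7 port 5001 ssh2",
    "Jul  7 20:31:00 box sshd[870]: Failed password for invalid user x from 203.0.113.5 port 1 ssh2 from 198.51.100.9 port 6000 ssh2",
]

if __name__ == "__main__":
    for rule in active_rules(find_bans(SAMPLE, 2005), datetime(2005, 7, 7, 20, 30)):
        print(rule)
```

Because the rules are rebuilt from expiry times on each run, an address drops off the list once its ban time has passed, and a single mistyped password (198.51.100.7 in the sample) never reaches the threshold.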
