Your browser does not seem to support CSS. If images appear below, please disregard them.
It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by ">User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a ">Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#17025 - 07/08/05 12:00 AM ssh/auth/apache security  
Joined: Dec 2004
Posts: 22
busfault Offline
Junior Member
busfault  Offline
Junior Member

Joined: Dec 2004
Posts: 22
NY
I have a fair amount of Linux experience, however I am not sure what to do, or how to go about, working on this issue.
Currently I am allowing only a couple of ways to access my machine (300MHz Pentium with Debian Linux Unstable) of which are ftp, http, and ssh. I was looking through my logs and I am getting a bulk of traffic that is obvious script crap. For instance my auth.log is filled with invalid logins of numerous usernames, (alphabetic I may add) and in my Apache logs they are filled with obvious attempts to break Apache, well mostly Windows IIS.
So enough with the scenario, I would like to know how I can make it so that when there are numerous unwanted attempts that I can put their IPs into a blacklist that won't be allowed to connect to my machine at all. So that when that IP tries to connect it doesn't even get to the application. Then perhaps I would like to be able to let that address sit for a period of time before it is let back in, so that I don't block legitimate connections since person's IPs change.
Any help would be greatly appreciated.


-----BEGIN GEEK CODE BLOCK-----
GCS/E d- s++:- a- C+++ UL+++ P+ L++ E-- W- N+ o-- K- w--- O M+ V-- PS++ PE-- Y+ PGP t+ 5++ X+ R+++ tv+ b++ DI++ D--- G++ e+ h r+++ y++++
------END GEEK CODE BLOCK------
Sponsored Links
#17026 - 07/08/05 05:38 AM Re: ssh/auth/apache security  
Joined: Feb 2002
Posts: 7,198
Gremelin Offline
Community Owner
Gremelin  Offline

Community Owner

Joined: Feb 2002
Posts: 7,198
Likes: 11
Portland, OR; USA
Use a non-standard port for SSH, disable Telnet; for your apache you can make a .htaccess file and ban ip's directly (I prefer masks myself); an example would be:

Taken directly from UGN's .htaccess file:
Code
# Deny users IP's #
order allow,deny
#deny from 123.45.6.7 - Bans Direct IP
#deny from 012.34.5. - Bans IP block 012.34.5.*
#deny from .undergroundnews.com - bans host of *.undergroundnews.com
deny from .kestii.go.ro
allow from all


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#52490 - 12/19/10 03:58 PM Re: ssh/auth/apache security [Re: busfault]  
Joined: Dec 2010
Posts: 6
diggin2deep Offline
UGN Newbie
diggin2deep  Offline
UGN Newbie

Joined: Dec 2010
Posts: 6
New Orleans
The best way to do this is with the Fail2Ban program which comes with a number of filters to help you accomplish just this. Most distros have this in their repositories, just look around a little. You can also set in your sshd.conf that only certain keys can login or that they authenticate with a private key in addition to/instead of a password.

#52525 - 12/23/10 01:03 PM Re: ssh/auth/apache security [Re: busfault]  
Joined: Feb 2002
Posts: 7,198
Gremelin Offline
Community Owner
Gremelin  Offline

Community Owner

Joined: Feb 2002
Posts: 7,198
Likes: 11
Portland, OR; USA
Most ISP's don't allow access to the firewall, but I guess that would be useful for personal machines.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner

Member Spotlight
Gremelin
Gremelin
Portland, OR; USA
Posts: 7,198
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums45
Topics33,855
Posts68,997
Members2,163
Average Daily Posts3
Members2,163
Most Online1,567
Apr 25th, 2010
Latest Postings
Blackbeard.....
by Gremelin on 01/14/17 07:03 PM
Top Posters(All Time)
UGN Security 41,089
Gremelin 7,198
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 3
Black Beard Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
fleshwound Likes: 1
Ghost Likes: 2
Gremelin Likes: 12
Ice Likes: 1
ninjaneo Likes: 1
Top Liked Users (30 Days)
No Data Found
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20170206)