Your browser does not seem to support CSS. If images appear below, please disregard them.
It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#17025 - 07/08/05 12:00 AM ssh/auth/apache security  
Joined: Dec 2004
Posts: 22
busfault Offline
Junior Member
busfault  Offline
Junior Member

Joined: Dec 2004
Posts: 22
NY
I have a fair amount of Linux experience, however I am not sure what to do, or how to go about, working on this issue.
Currently I am allowing only a couple of ways to access my machine (300MHz Pentium with Debian Linux Unstable) of which are ftp, http, and ssh. I was looking through my logs and I am getting a bulk of traffic that is obvious script crap. For instance my auth.log is filled with invalid logins of numerous usernames, (alphabetic I may add) and in my Apache logs they are filled with obvious attempts to break Apache, well mostly Windows IIS.
So enough with the scenario, I would like to know how I can make it so that when there are numerous unwanted attempts that I can put their IPs into a blacklist that won't be allowed to connect to my machine at all. So that when that IP tries to connect it doesn't even get to the application. Then perhaps I would like to be able to let that address sit for a period of time before it is let back in, so that I don't block legitimate connections since person's IPs change.
Any help would be greatly appreciated.


-----BEGIN GEEK CODE BLOCK-----
GCS/E d- s++:- a- C+++ UL+++ P+ L++ E-- W- N+ o-- K- w--- O M+ V-- PS++ PE-- Y+ PGP t+ 5++ X+ R+++ tv+ b++ DI++ D--- G++ e+ h r+++ y++++
------END GEEK CODE BLOCK------
Sponsored Links
#17026 - 07/08/05 05:38 AM Re: ssh/auth/apache security  
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Gremelin  Offline

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
Use a non-standard port for SSH, disable Telnet; for your apache you can make a .htaccess file and ban ip's directly (I prefer masks myself); an example would be:

Taken directly from UGN's .htaccess file:
Code:
# Deny users IP's #
order allow,deny
#deny from 123.45.6.7 - Bans Direct IP
#deny from 012.34.5. - Bans IP block 012.34.5.*
#deny from .undergroundnews.com - bans host of *.undergroundnews.com
deny from .kestii.go.ro
allow from all


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#52490 - 12/19/10 03:58 PM Re: ssh/auth/apache security [Re: busfault]  
Joined: Dec 2010
Posts: 6
diggin2deep Offline
UGN Newbie
diggin2deep  Offline
UGN Newbie

Joined: Dec 2010
Posts: 6
New Orleans
The best way to do this is with the Fail2Ban program which comes with a number of filters to help you accomplish just this. Most distros have this in their repositories, just look around a little. You can also set in your sshd.conf that only certain keys can login or that they authenticate with a private key in addition to/instead of a password.

#52525 - 12/23/10 01:03 PM Re: ssh/auth/apache security [Re: busfault]  
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Gremelin  Offline

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
Most ISP's don't allow access to the firewall, but I guess that would be useful for personal machines.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner

Member Spotlight
Gremelin
Gremelin
Portland, OR; USA
Posts: 7,195
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums45
Topics47,469
Posts82,639
Average Daily Posts8
Members2,159
Most Online1,567
Apr 25th, 2010
Latest Postings
Top Posters(All Time)
UGN Security 40,633
Gremelin 7,195
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
Ghost Likes: 1
Gremelin Likes: 4
Ice Likes: 1
unreal Likes: 1
Top Liked Users (30 Days)
No Data Found
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20160902)