Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page Under Brute Force Attacks
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 10-20-2009, 11:41 AM
am-fs am-fs is offline
 
Join Date: Mar 2005
Posts: 58
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Under Brute Force Attacks
My Host says im under a Brute Force SSH Attack.

They told me to set up firewall [iptables]

Problem is i never used SSH and have no clue on the settings.

I have had my VB site since 05 and never had any problems with attacks.

So now it is time to learn SSH.

When setting up SSH, what Bin should be used on the server? ( See Attachment )

Does this code look right:
PHP Code:
iptables -N SSH_CHECK

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK

iptables -A SSH_CHECK -m recent --set --name SSH

iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP 
Also is there any other instructions after using the above code?

Like Rebooting server, ect?

Thanks
Am-fs
Attached Images
File Type: jpg ssh.jpg (22.9 KB, 0 views)
Reply With Quote
  #2  
Old 10-20-2009, 02:41 PM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Just disable Password Authentication and switch to Pubkey authentication to get rid of this
Reply With Quote
  #3  
Old 10-20-2009, 03:50 PM
am-fs am-fs is offline
 
Join Date: Mar 2005
Posts: 58
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks for the response Angel-Wings

Is this what your talking about?
http://wiki.joyent.com/accelerators:...ublic-key-only

I have no experience with ssh so if you have a link that would be great.

am-fs
Reply With Quote
  #4  
Old 10-20-2009, 11:20 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
nano /etc/hosts.allow

add this in the file and save the file (add a backup IP so you dont have to call your host):
sshd:xx.xx.xx.xx, xx.xx.xx.xx.xx, xx.xx.xx.xx

nano /etc/hosts.deny

add this to the file and save:
sshd:ALL

This will stop ssh from answering to anyone except the IP's you list in hosts.allow

You can also change ssh's port it answers on, this file depends on the OS your running, ill assume centcrapOS
nano /etc/ssh/sshd_config

Change this:
# What ports, IPs and protocols we listen for
Port 22 to post 2200 or 2222 etc and save the faile.

/etc/rc.d/init.d/sshd restart ( You can restart it even when your logged in)
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 01:04 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03574 seconds
  • Memory Usage 2,206KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (4)post_thanks_box
  • (4)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit_info
  • (4)postbit
  • (1)postbit_attachment
  • (4)postbit_onlinestatus
  • (4)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete