Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
I noticed recently that I have many login attempts, over 2 million and counting. This is surely a brute force attack.
How can I auto block ip for 15 minutes on root ssh access failure?
I don't need a firewall; just a small option to activate this security feature.
What do you suggest?
I suggest using SSH keys and not using passwords at all. Even if you don't do that I recommend disabling SSH logins as root directly. Either way you won't have to worry about your problem. Remember that if you block IPs on failed login attempts then you'll have to worry about denial of service that can allow anyone to deny you access to your own machine if he's behind the same NAT as you, etc. Also any attacker worth his salt would just distribute the attack across many IPs anyway.
fail2ban (works out of the box, and works quite nicely)
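A simplified model of the threshold-and-ban logic discussed in the answers above, added here as an illustration (it is not fail2ban's code and not from the original posts). The parameter names `maxretry`, `findtime`, `bantime` and `ignore` mirror fail2ban's jail options; the log lines and their timestamp format are constructed, using documentation IP ranges. It shows both caveats from the first answer: an address shared behind NAT gets locked out unless allowlisted, and attempts spread across many addresses never reach the threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 host sshd[101]: Failed password for root from 203.0.113.7 port 40001 ssh2
2024-05-01T10:00:05 host sshd[102]: Failed password for root from 203.0.113.7 port 40002 ssh2
2024-05-01T10:00:10 host sshd[103]: Failed password for root from 203.0.113.7 port 40003 ssh2
2024-05-01T10:00:20 host sshd[104]: Failed password for root from 203.0.113.7 port 40004 ssh2
2024-05-01T10:01:00 host sshd[105]: Failed password for root from 198.51.100.1 port 50001 ssh2
2024-05-01T10:01:01 host sshd[106]: Failed password for root from 198.51.100.2 port 50002 ssh2
2024-05-01T10:01:02 host sshd[107]: Failed password for root from 198.51.100.3 port 50003 ssh2
2024-05-01T10:02:00 host sshd[108]: Failed password for invalid user admin from 198.51.100.4 port 50004 ssh2
2024-05-01T10:03:00 host sshd[109]: Failed password for root from 192.0.2.10 port 60001 ssh2
2024-05-01T10:03:10 host sshd[110]: Failed password for root from 192.0.2.10 port 60002 ssh2
2024-05-01T10:03:20 host sshd[111]: Failed password for root from 192.0.2.10 port 60003 ssh2
"""

# Only failed password attempts against the root account are counted.
FAILED_ROOT = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for root from (\S+) port \d+")

def ban_windows(log_text, maxretry=3, findtime=600, bantime=900, ignore=()):
    """Return {ip: (ban_start, ban_end)} holding the latest ban per address."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside findtime
    bans = {}
    for line in log_text.splitlines():
        m = FAILED_ROOT.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in ignore:
            continue              # allowlisted, e.g. the admin's own NAT address
        if ip in bans and ts < bans[ip][1]:
            continue              # still banned; a firewall would drop this
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()           # forget failures older than the window
        if len(q) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))  # 900 s = 15 min
            q.clear()
    return bans
```

With the defaults, `ban_windows(SAMPLE_LOG)` bans 203.0.113.7 and 192.0.2.10 for 15 minutes each, while the three 198.51.100.x addresses, with one attempt apiece, are never banned.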
Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I'm looking to do some pair programming with a colleague remotely, and I'm looking for the best tool to help us achieve this.
Ideally I'd prefer for the remote user to have as little access as possible, and it'd be preferable if I could monitor all their actions.
GUI access is not required, shell is enough.
For example, shared tmux or screen sessions would work well, if they were easy to set up and secure.
Just create a new, non-root user account on the machine, then run tmux under that account. Screen sharing is easy and is what will "just happen" if you both "attach" to the same screen session. If there is nothing under that temporary user account that you care about, there is little damage that they could do, AFAIK, though your question may be more appropriate for https://serverfault.com/.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 9 years ago.
I have caught a hacker after looking through my site's FTP logs - it looks as if they have gleaned a list of passwords for several of my sites and are now connecting on a daily basis to upload spammy PHP files that perform header redirects to their sites. They always connect from the same IP address.
Blocking that IP and changing the FTP passwords is a given, but it seems so mundane and submissive. Is there anything I can do to this guy as he connects or once he's already in the system?
Some recommendations:
Change your FTP port. Most script kiddies use a port scanner to scan a list of IP addresses for TCP services. They mostly look for port 21.
Disable root login for SSH.
You mentioned this before, but make sure your password is secure and not written down on a post-it note on your computer monitor.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Okay I understand that this might be a silly question.
I'm looking forward to unblock Youtube in my country. I'm quite sure it's a simple address/url block. I currently have to use proxies which reduce the speed of the connection. I tried to use the IP of Youtube to open it up but Youtube's IP actually opens up Google.com so that it is of no use.
I was also thinking of something like creating a DNS entry on one of my sub-domains that might point to Youtube's URL in some way but that might not be possible as I don't really know how DNS systems work at all. So some guesses might help. I'm not sure of some other hidden URLs that point to Youtube or even if some exist. So they might help as well.
Maybe using a VPN connection to some provider that does not block the traffic would help? This one for example: http://privateinternetaccess.com
Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
Let's say an operating system is installed on a computer and a DBMS is installed on the same computer. Suppose that the operating system has a security vulnerability. Is there a possibility that the security vulnerability of the OS causes a security vulnerability of the DBMS?
Thanks.
Absolutely. If a user can exploit an OS bug to get root access, they can do anything they want. Steal your database, mess around with things, etc...
That's why it's important to always get the latest security updates for your servers. Also, it's common practice to keep servers in a de-militarized zone, behind firewalls. Only the ports that need to be open should be open.
Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
I have recently started using iptables, and I executed iptables -F without knowledge of what it might do. And suddenly I have lost connection to the node. I can't even ping the node. Any help would be highly appreciated!
Thanks!
You will need physical access to the computer and either restart the firewall script or simply reboot the server (but that's the "rude" way of fixing this).
If this computer is hosted at a colocation company, you need to either contact their support and ask them to reboot the machine (do not give them your password) or sometimes they have some sort of remote rebooting mechanism. Look through the FAQ of the colocation provider.