View Single Post
  #2  
Old 27th March 2009, 22:45
robilaur robilaur is offline
Member
 
Join Date: Sep 2007
Location: Romania
Posts: 86
Thanks: 4
Thanked 12 Times in 9 Posts
Send a message via Yahoo to robilaur
Default

Well in my opinion.... Isp firewall doesnt do mutch except filter some ports..... the real deal is with fail2ban and denyhost... if u configure this 2 properly you whont have problems... i`ve been working on this matter for the past 3 days... so... u need to modify this config
Code:
/etc/fail2ban/fail2ban.conf
and set the max retry to 3 ( if the attaker fails to login from 3 attemps gets baned) , Set bantime to -1 (this means it will be a definete ban (until u restart fail2ban)) configure postfix and proftp option so they dont attack your ftp. and thats about it... u can look for denyhost conf also and try to make some ajustments there also... i made some but dont really remember what. Oh... and another thing is to change you ssh port from 22 to something else.... most hacker this day use a password tryer scaner...( they conect by default to ssh 22 and they try a lots of passwords...) oh... and keep your server up to date... If u whant to ban an IP .... just insert it in /etc/host.deny and restart hostdeny... i think thats permanent.

Hope it helps...
__________________
Best Regards,

Robert
Reply With Quote