#1  
Old 21st November 2006, 19:30
IKShadow IKShadow is offline
Member
 
Join Date: Jan 2006
Location: Slovenia
Posts: 85
Prevent BREAKIN ATTEMPT!

Hi

I have a lot of break-in attempts on my server (you can see a few examples below).

Is it possible to set some kind of auto ban for IPs after an invalid user or password is entered 10 times?

Quote:
Nov 17 14:59:57 krneki sshd[20092]: Address 202.83.173.146 maps to ntc.net.pk, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 17 14:59:59 krneki sshd[20096]: Address 202.83.173.146 maps to ntc.net.pk, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 17 15:00:00 krneki sshd[20098]: Address 202.83.173.146 maps to ntc.net.pk, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 18 02:14:50 krneki sshd[19207]: Invalid user kernel from 88.198.22.107
Nov 18 02:14:50 krneki sshd[19209]: Invalid user july from 88.198.22.107
Nov 18 02:14:50 krneki sshd[19211]: Invalid user juliet from 88.198.22.107
Nov 18 02:14:51 krneki sshd[19213]: Invalid user kernel from 88.198.22.107
__________________
SUSE 11.3 (perfect install)
ISPConfig 3.0.3.2
  #2  
Old 21st November 2006, 20:15
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701

Quote:
Originally Posted by IKShadow
Is it possible to set some kind of auto ban for IPs after an invalid user or password is entered 10 times?
Have a look here: http://www.howtoforge.com/preventing...with_denyhosts
__________________
Falko
Reply With Quote
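The auto-ban asked about above, as an added example that is not part of the thread and is not DenyHosts' own code: it counts failed SSH logins per source address in sshd log lines and renders the addresses that reach a threshold as `hosts.deny` entries. The function names, the `allow` parameter and the sample lines after the first three are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# First three lines are quoted from the thread; the rest are constructed samples.
SAMPLE_LOG = """\
Nov 18 02:14:50 krneki sshd[19207]: Invalid user kernel from 88.198.22.107
Nov 18 02:14:50 krneki sshd[19209]: Invalid user july from 88.198.22.107
Nov 18 02:14:50 krneki sshd[19211]: Invalid user juliet from 88.198.22.107
Nov 18 02:15:02 krneki sshd[19220]: Failed password for root from 88.198.22.107 port 4711 ssh2
Nov 18 02:15:09 krneki sshd[19230]: Invalid user x from 192.0.2.10 from 198.51.100.7
Nov 18 02:16:00 krneki sshd[19240]: Accepted password for admin from 192.0.2.10 port 5022 ssh2
Nov 18 02:16:30 krneki sshd[19250]: Invalid user test from 192.0.2.10
"""

# Greedy ".*" plus the "$" anchor makes the LAST " from <addr>" the source,
# so a username chosen by the client cannot shift the count to another address.
FAILURE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for) .* "
    r"from (\S+)(?: port \d+(?: ssh2)?)?\s*$"
)


def offenders(log_text, threshold=10, allow=()):
    """Map each source IP with >= threshold failed logins to its failure count."""
    allowed = {ipaddress.ip_address(a) for a in allow}  # never ban these
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not a literal IP address: do not act on it
        if ip not in allowed:
            counts[str(ip)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def hosts_deny_lines(banned):
    """Render banned addresses as TCP-wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in sorted(banned)]


if __name__ == "__main__":
    # Threshold lowered from the 10 in the question so the short sample trips it.
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG, threshold=3))))
```

The fifth sample line embeds a second address in the username; only the address at the end of the line is counted, and the `allow` list keeps an administrator's own address from being banned.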
  #3  
Old 21st November 2006, 20:35
IKShadow IKShadow is offline
Member
 
Join Date: Jan 2006
Location: Slovenia
Posts: 85

Quote:
Originally Posted by falko

Thank you for the quick reply.
  #4  
Old 22nd November 2006, 22:31
domino domino is offline
Senior Member
 
Join Date: Aug 2005
Posts: 364

It's not uncommon to see a lot of entries in your logs. I have BFD installed and my logs show many. Just make sure you use a really hard password with numbers and chars.

If you really want to make it a little harder, change the root shell port to anything other than 22 and create 2 logins: a dummy login and then the root login. It won't make your server impenetrable, but it can make it a little harder for intruders.
__________________
Shuttle XPC | Intel 865g | P4 3.2Ghz | ATI 9800 Pro
Hosts: Ubuntu 6.10 ~ XGL-Beryl SVN-Gnome | OS X 10.4.8 | WindowsXP
Virtual Appliances: Ubuntu Server 6.10 | WindowsXP | CentOS 4.4
  #5  
Old 22nd November 2006, 22:41
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,042

Quote:
Originally Posted by domino
If you really want to make it a little harder, change the root shell port to anything other than 22 and create 2 logins: a dummy login and then the root login. It won't make your server impenetrable, but it can make it a little harder for intruders.
Or just create a firewall rule with IPTABLES for the IP (yours) that is okay to access the server with SSH.
  #6  
Old 22nd November 2006, 23:04
domino domino is offline
Senior Member
 
Join Date: Aug 2005
Posts: 364

Well, that would be a problem with jailed users that request shell. And I would imagine it would be annoying if you and your clients have a dynamic IP.
  #7  
Old 22nd November 2006, 23:15
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,042

Quote:
Originally Posted by domino
Well, that would be a problem with jailed users that request shell. And I would imagine it would be annoying if you and your clients have a dynamic IP.
That is true!

Another nice way is by using port knocking.
Again.. Not a nice way for your users...