#1  
Old 21st November 2006, 18:30
IKShadow IKShadow is offline
Member
  
Join Date: Jan 2006
Location: Slovenia
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to IKShadow
Default Prevent BREAKIN ATTEMPT!
Hi

I have a lot of breakin attempts on my server (you can see few exemples bellow).

Is it possible to set some kind of auto ban for IP's after invalid user or password is entered 10 times.

Quote:
Nov 17 14:59:57 krneki sshd[20092]: Address 202.83.173.146 maps to ntc.net.pk, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 17 14:59:59 krneki sshd[20096]: Address 202.83.173.146 maps to ntc.net.pk, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 17 15:00:00 krneki sshd[20098]: Address 202.83.173.146 maps to ntc.net.pk, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 18 02:14:50 krneki sshd[19207]: Invalid user kernel from 88.198.22.107
Nov 18 02:14:50 krneki sshd[19209]: Invalid user july from 88.198.22.107
Nov 18 02:14:50 krneki sshd[19211]: Invalid user juliet from 88.198.22.107
Nov 18 02:14:51 krneki sshd[19213]: Invalid user kernel from 88.198.22.107
__________________
SUSE 11.3 (perfect install)
ISPConfig 3.0.3.2
Reply With Quote
Sponsored Links
  #2  
Old 21st November 2006, 19:15
falko falko is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,665
Thanks: 1,896
Thanked 2,595 Times in 2,446 Posts
Default
Quote:
Originally Posted by IKShadow
Is it possible to set some kind of auto ban for IP's after invalid user or password is entered 10 times.
Have a look here: http://www.howtoforge.com/preventing...with_denyhosts
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 21st November 2006, 19:35
IKShadow IKShadow is offline
Member
  
Join Date: Jan 2006
Location: Slovenia
Posts: 84
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to IKShadow
Default
Quote:
Originally Posted by falko

Thank you for quick reply.
__________________
SUSE 11.3 (perfect install)
ISPConfig 3.0.3.2
Reply With Quote
  #4  
Old 22nd November 2006, 21:31
domino domino is offline
Senior Member
  
Join Date: Aug 2005
Posts: 364
Thanks: 0
Thanked 4 Times in 3 Posts
Default
It's not uncommon to see a lot of entries in your logs. i have BFD installed and my logs show many. Just make sure you use a really hard password numbers, and chars.

If you really want to make it a little harder, change the root shell port to anything other than 22 and create 2 logins. a dummy login and then the root login. It wont make your server impenitrable, but it can make it a little harder for intruders.
__________________
Shuttle XPC | Intel 865g | P4 3.2Ghz | ATI 9800 Pro
Hosts: Ubuntu 6.10 ~ XGL-Beryl SVN-Gnome | OS X 10.4.8 | WindowsXP
Virtual Appliances: Ubuntu Server 6.10 | WindowsXP | CentOS 4.4
Reply With Quote
  #5  
Old 22nd November 2006, 21:41
edge edge is online now
Moderator
  
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,010
Thanks: 254
Thanked 134 Times in 120 Posts
Default
Quote:
Originally Posted by domino
If you really want to make it a little harder, change the root shell port to anything other than 22 and create 2 logins. a dummy login and then the root login. It wont make your server impenitrable, but it can make it a little harder for intruders.
Or just create a firewall rule with IPTABLES for the IP (yours) that is okay to access the server with SSH
Reply With Quote
  #6  
Old 22nd November 2006, 22:04
domino domino is offline
Senior Member
  
Join Date: Aug 2005
Posts: 364
Thanks: 0
Thanked 4 Times in 3 Posts
Default
well that would be a problem with jailed users that request shell. And I would imagine it would be anoying if you and your clients have a dynamic IP.
__________________
Shuttle XPC | Intel 865g | P4 3.2Ghz | ATI 9800 Pro
Hosts: Ubuntu 6.10 ~ XGL-Beryl SVN-Gnome | OS X 10.4.8 | WindowsXP
Virtual Appliances: Ubuntu Server 6.10 | WindowsXP | CentOS 4.4
Reply With Quote
  #7  
Old 22nd November 2006, 22:15
edge edge is online now
Moderator
  
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,010
Thanks: 254
Thanked 134 Times in 120 Posts
 
Default
Quote:
Originally Posted by domino
well that would be a problem with jailed users that request shell. And I would imagine it would be anoying if you and your clients have a dynamic IP.
That is true!

An other nice way is by using Port Knocking
Again.. Not a nice way for your users...
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
WG311v2 almost working with Edgy (w/o ndiswrapper) need help with the rest caudata Server Operation 11 13th November 2006 20:02
Kernel Panic - Not Syncing : Attempt to kill init! Rock Kernel Questions 12 22nd September 2006 12:39
How to prevent an Open Mail-Relay? tom General 2 17th May 2006 20:56
Prevent users from reading eachothers directories + ISPConfig compatibility Norman General 5 12th May 2006 11:02
How to prevent mailuser to change his password? rosa hsiao General 4 28th December 2005 03:53


All times are GMT +2. The time now is 00:10.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.