Monday, August 10, 2009

Avoid ssh attacks

If you ever look at your security logs and find something like

sshd[18561]: Failed password for invalid user nagios from 69.197.163.178 port 47771 ssh2


This is a brute-force attack on your server. Yes, there are people with scripts, which can be found on the net, that just try to log in to your server using a dictionary of commonly used usernames and passwords. So how do we avoid this? You can install the denyhosts script. You can download it from http://denyhosts.sourceforge.net/ or, if using Fedora, just do

yum install denyhosts

After installation, remember to start it and to set it to start on the next boot.

Fedora

service denyhosts start

and

chkconfig denyhosts on

How it works: it reads the secure logs of your server and watches for the hosts attacking your system and the users they try. It then updates the /etc/hosts.deny file on your system so the services will not respond to that host again.
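The mechanism described above, sketched in Python as an added example (this is not DenyHosts' own code): it scans sshd log lines for failed passwords, counts them per host, and produces the hosts.deny lines for hosts over a limit. The log sample is constructed around the line quoted above, and the function names, the threshold of 3 and the allow list are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample of /var/log/secure lines, built around the line quoted
# in the post; 192.0.2.10 is a documentation address standing in for an admin.
SAMPLE_LOG = """\
Aug 10 03:12:01 host sshd[18561]: Failed password for invalid user nagios from 69.197.163.178 port 47771 ssh2
Aug 10 03:12:04 host sshd[18563]: Failed password for invalid user admin from 69.197.163.178 port 47802 ssh2
Aug 10 03:12:07 host sshd[18565]: Failed password for root from 69.197.163.178 port 47833 ssh2
Aug 10 03:15:40 host sshd[18570]: Failed password for alice from 192.0.2.10 port 50122 ssh2
Aug 10 03:15:52 host sshd[18570]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
"""

# Anchored at the end of the line so the address is always taken from the
# trailing "from <ip> port <n> ssh2" fields that sshd itself writes.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failed_logins(log_text):
    """Return {ip: Counter of usernames tried} for failed sshd logins."""
    seen = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            seen.setdefault(m["ip"], Counter())[m["user"]] += 1
    return seen

def deny_entries(log_text, threshold=3, allow=(), already_denied=()):
    """Return new hosts.deny lines ("daemon: client" TCP wrappers syntax).

    threshold, allow and already_denied are hypothetical parameters:
    allow keeps your own addresses from being locked out after a typo,
    already_denied avoids writing the same entry twice.
    """
    entries = []
    for ip, users in sorted(failed_logins(log_text).items()):
        line = f"sshd: {ip}"
        if sum(users.values()) < threshold or ip in allow:
            continue
        if line not in already_denied:
            entries.append(line)
    return entries

if __name__ == "__main__":
    for entry in deny_entries(SAMPLE_LOG, allow={"192.0.2.10"}):
        print(entry)
```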

However, there are more options to secure your server using this script; for those, please read


This is cool, right? Enjoy.

1 comment:

tjohansen said...

thx worked on my ubuntu server.