Hans-Georg Michna <
hans-georgNoEmailPlease@michna.com> wrote:
My server runs under Plesk, and my knowledge of Linux is
superficial. There is always hope, of course, that Plesk one day
improves resistance against cyberattacks.
It's time to get your hands dirty and quit relying on those stupid control panels.
Both of these work wonders, protects the sshd, imap, pop and smtp with or without ssl/tls support.
Once an attacker from the same ip address enters 4 or 5 bad password, it's locked out. For how long is adjustable.
http://www.aczoom.com/blockhosts/
http://www.sshguard.net
But here is the run down, blockhosts is probably obsolete unless you use
it with iptables. It used to be dumb simple to install using the hosts.deny
and hosts.allow files, but the recent changes to ssh/ssl, they don't support the tcpwrappers anymore, so it's iptables or nothing.
The sshguard works well for a replacement but is difficult to get going.
Unlike blockhosts, adding in or modifying the rules (how it parses the log files) isn't there. For solaris I ended up using a combination of the native syslog and syslog-ng.
Both will require an understanding of parsing log files and how to setup and make rules for the firewall. It's a steep, complicated hill to climb.
But when you get them to fire up, they pretty much are maintenance free.
They clean up themselves over time (take out dead or expired entries). Only reason to poke a stick at them is if an idiot user sets up a new device and "thinks" they know what the password is. You have to figure it out and put
in an exception but it's no big deal.
The blockhosts pretty much works on anything that has python on it, the sshguard will need to be compiled to the box it's going to work. If you don't know how to compile software, add that to the list of stuff to learn.
Good luck.
-bruce
bje@ripco.com
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)