ssh service getting bombarded


Post by pretentious on Sat Apr 06, 2013 4:07 am

So I recently set up a server, installed LAMP and configured it so I can remote access when I need to. I've only had this server online for a few days and it's already been attacked. I've got an endless log file full of failed SSH connections and a few suspicious Apache requests. I've got DenyHosts running now so I'm hoping that will limit the SSH problem. My question is, are attacks really this common? Or could I be somehow advertising myself in a way that I shouldn't?
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country


Re: ssh service getting bombarded

Post by e3cb on Sat Apr 06, 2013 11:45 pm

It may very well just be someone who used Shodan to look for vulnerable services and came across your server. Just gives motivation to harden. Try disabling password login for SSH and only allow for public key auth. As for your advertising yourself, like I said, someone may have just been using Shodan. Try disabling any services that have known vulnerabilities and harden the server a bit. If you haven't checked it out, I would recommend checking out Shodan: http://www.shodanhq.com/
<3 FF E4 <3
Do you even asm bruh?


Re: ssh service getting bombarded

Post by LoGiCaL__ on Sun Apr 07, 2013 4:16 pm

e3cb wrote: Try disabling password login for SSH and only allow for public key auth.


If you haven't already, then this ^. Also don't use the default port for ssh. Use an arbitrary port that isn't currently being used.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: ssh service getting bombarded

Post by fashizzlepop on Sun Apr 07, 2013 6:03 pm

^Definitely. The best way to avoid these attacks. And changing the port isn't even that necessary.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
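An added example, not code posted by anyone in this thread: a way to measure the "endless log file full of failed ssh connections" by tallying failed SSH password attempts per source address, including the "message repeated N times" lines that syslog uses to collapse duplicates. The log lines are constructed and use documentation-range addresses; the function names and the threshold of 3 are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in OpenSSH's syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Apr  6 03:58:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr  6 03:58:03 web1 sshd[2101]: message repeated 2 times: [ Failed password for root from 203.0.113.5 port 40112 ssh2]
Apr  6 03:58:09 web1 sshd[2107]: Invalid user admin from 203.0.113.5
Apr  6 03:58:11 web1 sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Apr  6 03:59:40 web1 sshd[2120]: Failed password for invalid user test from 198.51.100.23 port 51877 ssh2
Apr  6 04:02:17 web1 sshd[2144]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
"""

FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")
REPEATED = re.compile(r"message repeated (?P<n>\d+) times: \[")


def summarize_failures(log_text):
    """Return {ip: {"attempts": int, "users": set}} for failed password logins."""
    attempts = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        if "sshd[" not in line:
            continue
        m = FAILED.search(line)
        if not m:
            continue
        # syslog may collapse identical lines into "message repeated N times".
        rep = REPEATED.search(line)
        count = int(rep.group("n")) if rep else 1
        attempts[m.group("ip")] += count
        users[m.group("ip")].add(m.group("user"))
    return {ip: {"attempts": n, "users": users[ip]} for ip, n in attempts.items()}


def over_threshold(summary, limit):
    """IPs with at least `limit` failures: a simple per-address threshold rule."""
    return sorted(ip for ip, s in summary.items() if s["attempts"] >= limit)


if __name__ == "__main__":
    summary = summarize_failures(SAMPLE_LOG)
    for ip, s in sorted(summary.items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{ip:15} {s['attempts']:3} failed  users={sorted(s['users'])}")
    print("would block:", over_threshold(summary, 3))
```

With password login disabled as suggested above, these attempts still show up in the log, but none of them can succeed by guessing a password.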


