LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-02-2006, 03:10 AM   #1
irfanhab
Member
 
Registered: Jan 2004
Location: Pakistan
Distribution: OpenSuse 10.2, Slackware 11, Solaris 10
Posts: 415

Rep: Reputation: 34
How to secure Server


I've got a server, it runs various services including ssh, now everyday someone frmo some IP tries to login in repeatedly by trying different passwords
like this from yesterday
Code:
Jun  1 20:44:07 cern2-222 sshd[8059]: Invalid user fulmali from 125.249.164.105
Jun  1 20:44:07 cern2-222 sshd[8059]: Failed password for invalid user fulmali from 125.249.164.105 port 55332 ssh2
Jun  1 20:44:14 cern2-222 sshd[8061]: Invalid user fulmali from 125.249.164.105
Jun  1 20:44:14 cern2-222 sshd[8061]: Failed password for invalid user fulmali from 125.249.164.105 port 55501 ssh2
Jun  1 20:44:21 cern2-222 sshd[8063]: Invalid user fulmali1 from 125.249.164.105
Jun  1 20:44:21 cern2-222 sshd[8063]: Failed password for invalid user fulmali1 from 125.249.164.105 port 55687 ssh2
Jun  1 20:44:27 cern2-222 sshd[8065]: Invalid user ghussain from 125.249.164.105
Jun  1 20:44:27 cern2-222 sshd[8065]: Failed password for invalid user ghussain from 125.249.164.105 port 55881 ssh2
Jun  1 20:44:33 cern2-222 sshd[8067]: Invalid user ghussain from 125.249.164.105
Jun  1 20:44:33 cern2-222 sshd[8067]: Failed password for invalid user ghussain from 125.249.164.105 port 56058 ssh2
Jun  1 20:44:40 cern2-222 sshd[8069]: Invalid user ghussain from 125.249.164.105
Jun  1 20:44:40 cern2-222 sshd[8069]: Failed password for invalid user ghussain from 125.249.164.105 port 56230 ssh2
Jun  1 20:44:47 cern2-222 sshd[8071]: Invalid user ghussain1 from 125.249.164.105
Jun  1 20:44:47 cern2-222 sshd[8071]: Failed password for invalid user ghussain1 from 125.249.164.105 port 56421 ssh2
Jun  1 20:44:52 cern2-222 sshd[8073]: Invalid user ghussain from 125.249.164.105
Jun  1 20:44:52 cern2-222 sshd[8073]: Failed password for invalid user ghussain from 125.249.164.105 port 56591 ssh2
Jun  1 20:44:58 cern2-222 sshd[8075]: Invalid user ghussain from 125.249.164.105
Jun  1 20:44:58 cern2-222 sshd[8075]: Failed password for invalid user ghussain from 125.249.164.105 port 56743 ssh2
So how can I secure my server from these people, of course I could use IPtables, but there are two problems with it:
I cant possibly know from which IP an attack will occurr, thus I cant block specific IPs, and if I block a range, then I could be disallowing legitimate logins.

so how do I setup the server up to allow the "good" guys in and keep the bad guys out
 
Old 06-02-2006, 03:15 AM   #2
huanvnn
LQ Newbie
 
Registered: May 2006
Posts: 20

Rep: Reputation: 0
the problem can solve if you put your sshd server listen with internal address(not the address connected to isp).you can see more in my post in subforum linux security
 
Old 06-02-2006, 03:31 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,118
Blog Entries: 54

Rep: Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787Reputation: 2787
@huanvnn: the problem can solve if you put your sshd server listen with internal address(not the address connected to isp)
I'm sorry, but that advice IMHO doesn't cut it in most situations. Please read the sticky threads in this forum if you want to give useful advice supported by more people than one. Thanks.


@irfanhab: See the Failed SSH login attempts thread for working solutions.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is OS X secure enough to use as a server? Travis86 Other *NIX 9 10-15-2004 11:23 PM
Secure server that allows for rdp redogre82 Linux - Software 1 09-04-2004 03:55 PM
Linux Secure Server? RagingIfrit Linux - Software 6 08-01-2004 04:24 AM
Halflife server won't go secure! horsepower300 Linux - Newbie 4 07-23-2003 01:26 PM
secure pop3 server JustinHoMi Linux - Security 2 10-26-2001 05:55 PM


All times are GMT -5. The time now is 12:54 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration