On Thu, 18 Mar 2010 00:35:15 +0000
Ian <ian(a)lovingboth.com> wrote:
Andy said:
[lots of interest]
Much has been said so I'll be brief...
I found DenyHosts really easy to install and set up. The only problem
has been mistyping my password and being banned myself - using the
other VPS to reset it works, cough.
I found the same with DenyHosts. I also managed to have my IP banned,
but at least I had an SSH session open to be able to reverse things. The
problem was caused by DenyHosts running through the auth log and
finding my abortive attempts at connection a couple of days earlier.
Putting my IP in /etc/hosts.allow sorted that.
One of the things I like about DenyHosts is the sync feature to build
up a list of naughty users/hosts.
An idiot's guide to setting up keys would be useful, but I will still
want to use (strong) passwords sometimes.
I would like to see an idiot's guide as well, although googling might
provide such.
I would moan about moving the SSH port.
The use of non-standard ports is fine as long as you can remember what
the new ports are on all the machines you access. Remembering the
standard port is much easier - but also easier for the slime
I have been using Linux for several years, but not outside my own home
network, so I am no expert on "outside" security. I purchased a VPS to
allow me to experiment with a real system. The first thing I did was
to check the logs, and that pointed me to a problem with ssh hacking.
A bit of googling threw up DenyHosts, and after a few hiccups it is
now working.
As I am not expert in the many configuration files necessary for a
running system I installed Webmin to give some help in setting
things up. Webmin seems to have split reviews - the Debian
community hate it and will flame anyone asking for advice for it,
but other distros seem more laid back.
Because my VPS is used as a training platform I do not access it
very often, so something providing a bit of protection in the
background is welcome.
I would have thought that a VPS could be provided in a locked-down
form - perhaps with a firewall running allowing very few services.
Then the senior admins can change things to their own way of
working, and those lesser beings have a platform which has some
basic security built in.
Regards
David
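
The self-lockout described in this message (old failed logins in the auth log getting the admin's own address flagged, and an /etc/hosts.allow entry fixing it) can be walked through with the sketch below. It is an added example, not DenyHosts code and not part of the original message; the log lines, addresses, the threshold of 3 and all function names are constructed assumptions, and only literal IPv4 entries in hosts.allow are handled.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (documentation IPs).
AUTH_LOG = """\
Mar 15 09:12:01 vps sshd[811]: Failed password for david from 198.51.100.7 port 50122 ssh2
Mar 15 09:12:09 vps sshd[811]: Failed password for david from 198.51.100.7 port 50122 ssh2
Mar 15 09:12:15 vps sshd[811]: Failed password for david from 198.51.100.7 port 50122 ssh2
Mar 16 03:40:11 vps sshd[902]: Failed password for invalid user admin from 203.0.113.50 port 4411 ssh2
Mar 16 03:40:14 vps sshd[904]: Failed password for root from 203.0.113.50 port 4415 ssh2
Mar 16 03:40:18 vps sshd[906]: Failed password for invalid user test from 203.0.113.50 port 4419 ssh2
Mar 17 10:01:44 vps sshd[950]: Accepted password for david from 198.51.100.7 port 50300 ssh2
Mar 17 11:20:02 vps sshd[977]: Failed password for root from 192.0.2.9 port 2200 ssh2
"""

# Constructed /etc/hosts.allow content.
HOSTS_ALLOW = """\
# trusted admin address
sshd: 198.51.100.7
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def failed_counts(log_text):
    """Count failed password attempts per source IP over the whole log, old entries included."""
    return Counter(m.group(1) for m in FAILED.finditer(log_text))

def allowed_hosts(hosts_allow_text, daemon="sshd"):
    """Return the literal addresses listed for `daemon` (or ALL) in hosts.allow text."""
    allowed = set()
    for line in hosts_allow_text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        parts = [p.strip() for p in line.split(":")]
        names = re.split(r"[,\s]+", parts[0])
        if daemon in names or "ALL" in names:
            allowed.update(c for c in re.split(r"[,\s]+", parts[1]) if c)
    return allowed

def lockout_report(log_text, hosts_allow_text, threshold=3):
    """Split flagged IPs into (locked_out, still_admitted); hosts.allow is consulted before hosts.deny."""
    allow = allowed_hosts(hosts_allow_text)
    over = {ip for ip, n in failed_counts(log_text).items() if n >= threshold}
    return sorted(over - allow), sorted(over & allow)

if __name__ == "__main__":
    print(lockout_report(AUTH_LOG, HOSTS_ALLOW))
```

Running `lockout_report` with an empty hosts.allow shows the admin address landing in the locked-out list purely because of mistyped passwords from two days before the successful login.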