Hi Casper,

On Sun, Mar 14, 2010 at 09:46:35AM +0000, Casper Gasper wrote:
I'm no longer a bitfolk customer, but IMHO:

Ha, thanks for sticking around. :)

3) Disable root login.
I would say yes for every OS. There shouldn't really be any need to
log in as root (esp if you can su/sudo up to it).

I'm not sure this gets you much -- many bots just want to send
email/packets to other networks which can be done with regular
accounts.

Absolutely. I was just really thinking from a best practice point of
view here. Although I haven't kept stats on how many compromises
were root vs user, I feel like if a customer can get a user account
compromised then it's maybe not much more difficult to imagine their
root account's password going the same way.

If they can convince me that root hasn't been obtained and they've
cleaned up the scanner then I'm usually happy enough to turn network
back on without re-imaging the VPS.

Hmm, this is a reactive thing again isn't it, so I'm off-topic
myself.

6) Move sshd to another port.
More of a security by obscurity approach, but it would limit the
inbound attacks.

Running ssh on a non-standard port is the best option in terms of
setup time and effectiveness -- it won't deter a dedicated attack, but
it stops you being the low-hanging fruit.

I just feel like it would be too controversial and unacceptable for
this to happen before setup.

It's a good suggestion for people looking to defend against this.
Really, doing anything at all helps you a lot: you don't have to outrun
the bear, you just have to outrun your slowest friend.

Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
"The electric guitar - like making love - is much improved by a little
feedback, completely ruined by too much." -- The League Against Tedium