Re: How to report Internet Abuse

gm5729 gm5729 at gmail.com
Tue Jul 27 12:45:27 MST 2010


You can't stop a server from hitting you. It's impossible.

You can stop it from getting into your network.

Three quickies are:

- A proper IPTables
- A new invention called hosts.allow/hosts.deny. You can block whole
  countries this way. I have about a dozen that I do.
- Making sure your first line of defense -- the router -- is configured
  properly. Mine basically has a hosts.allow/hosts.deny function on it
  so I use it.

If it is a specific port you use for whatever: port knocking, adjust
the port above 2000 so that if perchance someone gets in they only have
user level perms. If it is port 22, make sure your ssh/sshd files are
properly configured. You can nail down to a specific IP and/or
user/group that is supposed to use SSH.

Use PAM.

Make sure your /etc/sysctl.conf file is properly configured.

Make sure your kernel is stack hardened. I like Zen, but others like
others. If you need super security there is always IPSec, GRsec sp?
and even SELinux.

Ensure sane compliance to passphrases.

You can use sshguard, fail2ban or the like to slow down robots. They
like to hit hard and fast. If you slow them down to 15 mins of having
to wait to try 3 more times, they get bored and move on.

Don't know what kind of distro you use. Change your shadow file to
blowfish, which might require a kernel recompile as most don't go that
far OR use the highest level of passphrase encryption possible which
is SHA512. Most distros only use MD5... I'm going to include SSH
in here. DUMP ALL encryption below 256 bits. SSL3 and TLS are the most
secure. DES by itself is not, but DES3 is... basically be smart.

Permissions, permissions, permissions. Don't use world readable files
if not necessary.

Make sure you have a robots.txt file in your Apache Setup.

Anyway,....

vp

