On Tue, Jul 27, 2010 at 12:51 PM, Michael Havens wrote:
> that was really a good post!
>

If this is real abuse, you can always complain to the admin of the IP superblock - IANA -> ARIN -> GlobalTelecomHolding -> SmallerGlobalTelecom -> ..... find out who manages the block of IP from which you are getting attacked - it's their client, maybe they can control 'em. I don't know if this works anymore - without legal papers. ymmv

> On Tue, Jul 27, 2010 at 12:45 PM, gm5729 wrote:
>>
>> You can't stop a server from hitting you. It's impossible.
>>
>> You can stop it from getting into your network.
>>
>> Three quickies are a proper IPTables
>> A new invention called hosts.allow/hosts.deny. You can block whole
>> countries this way. I have about a dozen that I do.

so which parts of the planet do you block? or do you subscribe to a RBL?
http://en.wikipedia.org/wiki/DNSBL

>> Making sure your first line of defense -- the router is configured
>> properly. Mine basically has a hosts.allow/hosts.deny function on it
>> so I use it.

it is a good idea to put yourself in hosts.allow before adding anything to hosts.deny.

>>
>> If it is a specific port you use for whatever: port knocking, adjust
>> the port above 2000 so that perchance someone gets in they only have
>> user level perms. If it is port 22. Make sure your ssh/sshd files are
>> properly configured. You can nail down to a specific IP and/or
>> user/group that is supposed to use SSH.
>>
>> Use PAM.
>>
>> Make sure your /etc/sysctl.conf file is properly configured.
>>
>> Make sure your kernel is stack hardened. I like Zen, but others like
>> others. If you need super security there is always IPSec, GRsec sp?
>> and even SELinux.
>>
>> Ensure sane compliance to passphrases.
>>
>> You can use sshguard, fail2ban or the like to slow down robots. They
>> like to hit hard and fast. If you slow them down to 15 mins of having
>> to wait to try 3 more times. They get bored and move on.
>>
>> Don't know what kind of distro you use.
>> Change your shadow file to
>> blowfish, which might require a kernel recompile as most don't go that
>> far OR use the highest level of passphrase encryption possible which
>> is SHA512. Most distros only use MD5..... I'm going to include SSH
>> in here. DUMP ALL encryption below 256 bits. SSL3 and TLS are the most
>> secure. DES by itself is not, but DES3 is... basically be smart.
>>
>> Permissions, permissions, permissions. Don't use world readable files
>> if not necessary.
>>
>> Make sure you have a robots.txt file in your Apache Setup.
>>
>> Anyway,....
>>
>> vp
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --
> :-)~MIKE~(-:
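
Added example, not part of the mailing-list thread: a Python replay of the "three tries, then wait 15 minutes" policy that gm5729 attributes to sshguard/fail2ban, run over constructed sshd log lines from an unprotected host to show which sources the policy would have banned and how many attempts it would have dropped. This is not fail2ban's or sshguard's own code; the 10-minute counting window, the host name, the addresses and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_RETRY = 3                      # failures allowed before a ban
FIND_TIME = timedelta(minutes=10)  # counting window (assumed, not from the thread)
BAN_TIME = timedelta(minutes=15)   # wait imposed on the source, as in the thread

# sshd "Failed password" syslog line: timestamp, host, user, source address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed sample lines (documentation address ranges, made-up host "gw").
SAMPLE_LOG = """\
Jul 27 12:40:01 gw sshd[2101]: Failed password for root from 203.0.113.9 port 40100 ssh2
Jul 27 12:40:03 gw sshd[2102]: Failed password for invalid user admin from 203.0.113.9 port 40101 ssh2
Jul 27 12:40:04 gw sshd[2103]: Accepted publickey for mike from 198.51.100.7 port 51000 ssh2
Jul 27 12:40:05 gw sshd[2104]: Failed password for root from 203.0.113.9 port 40102 ssh2
Jul 27 12:40:06 gw sshd[2105]: Failed password for root from 203.0.113.9 port 40103 ssh2
Jul 27 12:41:00 gw sshd[2106]: Failed password for mike from 198.51.100.7 port 51001 ssh2
Jul 27 12:56:00 gw sshd[2107]: Failed password for root from 203.0.113.9 port 40200 ssh2
"""

def evaluate(log_text, year=2010):
    """Return (bans, dropped): bans is a list of (ip, start, end) tuples and
    dropped maps ip -> attempts that arrived while that source was banned."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}               # ip -> end of the current ban
    bans, dropped = [], defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned_until and ts < banned_until[ip]:
            dropped[ip] += 1        # the firewall would have dropped this attempt
            continue
        q = failures[ip]
        q.append(ts)
        while q and ts - q[0] > FIND_TIME:
            q.popleft()             # forget failures older than the window
        if len(q) >= MAX_RETRY:
            banned_until[ip] = ts + BAN_TIME
            bans.append((ip, ts, ts + BAN_TIME))
            q.clear()
    return bans, dict(dropped)
```

A single mistyped password from 198.51.100.7 stays under the threshold, while the burst from 203.0.113.9 is banned on its third failure and may try again only after the 15 minutes have passed.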