That was really a good post!

On Tue, Jul 27, 2010 at 12:45 PM, gm5729 wrote:
> You can't stop a server from hitting you. It's impossible.
>
> You can stop it from getting into your network.
>
> Three quickies are a proper IPTables
> A new invention called hosts.allow/hosts.deny. You can block whole
> countries this way. I have about a dozen that I do.
> Making sure your first line of defense -- the router is configured
> properly. Mine basically has a hosts.allow/hosts.deny function on it
> so I use it.
>
> If it is a specific port you use for whatever: port knocking, adjust
> the port above 2000 so that perchance someone gets in they only have
> user level perms. If it is port 22, make sure your ssh/sshd files are
> properly configured. You can nail down to a specific IP and/or
> user/group that is supposed to use SSH.
>
> Use PAM.
>
> Make sure your /etc/sysctl.conf file is properly configured.
>
> Make sure your kernel is stack hardened. I like Zen, but others like
> others. If you need super security there is always IPSec, GRsec sp?
> and even SELinux.
>
> Ensure sane compliance to passphrases.
>
> You can use sshguard, fail2ban or the like to slow down robots. They
> like to hit hard and fast. If you slow them down to 15 mins of having
> to wait to try 3 more times, they get bored and move on.
>
> Don't know what kind of distro you use. Change your shadow file to
> blowfish, which might require a kernel recompile as most don't go that
> far OR use the highest level of passphrase encryption possible which
> is SHA512. Most distros only use MD5..... I'm going to include SSH
> in here. DUMP ALL encryption below 256 bits. SSL3 and TLS are the most
> secure. DES by itself is not, but DES3 is... basically be smart.
>
> Permissions, permissions, permissions. Don't use world readable files
> if not necessary.
>
> Make sure you have a robots.txt file in your Apache Setup.
>
> Anyway,....
>
> vp

-- 
:-)~MIKE~(-:
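
The shadow-file advice in the quoted post can be checked mechanically. The following is an added example, not part of either message: shell functions (the names `hash_scheme` and `audit_shadow` are made up here) that read shadow-format lines and report accounts whose password field is MD5, legacy or unrecognised, or empty, using the crypt(5) ID prefixes. The sample entries are constructed.

```shell
#!/bin/sh
# Added example: report weakly hashed accounts in shadow-format input.
# crypt(5) ID prefixes: $1$ MD5, $2a$/$2b$/$2y$ Blowfish (bcrypt),
# $5$ SHA-256, $6$ SHA-512, $y$ yescrypt.

# hash_scheme FIELD: print the scheme name for one shadow password field.
hash_scheme() {
    case "$1" in
        '')                       echo empty ;;    # no password required
        '!'*|'*'*)                echo locked ;;   # login by password disabled
        '$1$'*)                   echo md5 ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo blowfish ;;
        '$5$'*)                   echo sha256 ;;
        '$6$'*)                   echo sha512 ;;
        '$y$'*)                   echo yescrypt ;;
        *)                        echo legacy-or-unknown ;;  # e.g. 13-char DES crypt
    esac
}

# audit_shadow: read "user:field:..." lines on stdin and print "user:scheme"
# for every account whose field is MD5, legacy/unknown, or empty.
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        scheme=$(hash_scheme "$field")
        case "$scheme" in
            md5|legacy-or-unknown|empty) printf '%s:%s\n' "$user" "$scheme" ;;
        esac
    done
}

# Constructed sample entries (not real hashes), in /etc/shadow layout.
SAMPLE_SHADOW='alice:$6$c0nstruct3d$EXAMPLEHASH:14800:0:99999:7:::
bob:$1$c0nstruct$EXAMPLEHASH:14800:0:99999:7:::
carol:$2a$10$EXAMPLEHASHEXAMPLEHASH:14800:0:99999:7:::
daemon:*:14800:0:99999:7:::
dave::14800:0:99999:7:::
erin:ab1234567890c:14800:0:99999:7:::'

# Run the audit over the sample; the flagged accounts are bob, dave and erin.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```

To audit a live system, run `audit_shadow < /etc/shadow` as root instead of piping in the sample.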