On Tue, Jul 27, 2010 at 12:51 PM, Michael Havens <bmike1@gmail.com> wrote:
> that was really a good post!
>
If this is real abuse, you can always complain to the admin of the IP
superblock - IANA -> ARIN -> GlobalTelecomHolding ->
SmallerGlobalTelecom -> ..... find out who manages the block of IP
from which you are getting attacked - it's their client, maybe they
can control 'em. I don't know if this works anymore - without legal
papers. ymmv
> On Tue, Jul 27, 2010 at 12:45 PM, gm5729 <gm5729@gmail.com> wrote:
>>
>> You can't stop a server from hitting you. It's impossible.
>>
>> You can stop it from getting into your network.
>>
>> Three quickies are a proper IPTables
>> A new invention called hosts.allow/hosts.deny. You can block whole
>> countries this way. I have about a dozen that I do.
So which parts of the planet do you block? Or do you subscribe to an
RBL?
http://en.wikipedia.org/wiki/DNSBL
>> Making sure your first line of defense -- the router is configured
>> properly. Mine basically has a hosts.allow/hosts.deny function on it
>> so I use it.
It is a good idea to put yourself in hosts.allow before adding
anything to hosts.deny.
>>
>> If it is a specific port you use for whatever: port knocking, adjust
>> the port above 2000 so that perchance someone gets in they only have
>> user level perms. If it is port 22, make sure your ssh/sshd files are
>> properly configured. You can nail down to a specific IP and/or
>> user/group that is supposed to use SSH.
>>
>> Use PAM.
>>
>> Make sure your /etc/sysctl.conf file is properly configured.
>>
>> Make sure your kernel is stack hardened. I like Zen, but others like
>> others. If you need super security there is always IPSec, GRsec sp?
>> and even SELinux.
>>
>> Ensure sane compliance to passphrases.
>>
>> You can use sshguard, fail2ban or the like to slow down robots. They
>> like to hit hard and fast. If you slow them down to 15 mins of having
>> to wait to try 3 more times, they get bored and move on.
>>
>> Don't know what kind of distro you use. Change your shadow file to
>> blowfish, which might require a kernel recompile as most don't go that
>> far OR use the highest level of passphrase encryption possible which
>> is SHA512. Most distros only use MD5..... I'm going to include SSH
>> in here. DUMP ALL encryption below 256 bits. SSL3 and TLS are the most
>> secure. DES by itself is not, but DES3 is... basically be smart.
>>
>> Permissions, permissions, permissions. Don't use world readable files
>> if not necessary.
>>
>> Make sure you have a robots.txt file in your Apache Setup.
>>
>> Anyway,....
>>
>> vp
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
> --
> :-)~MIKE~(-:
>
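
The advice above to add yourself to hosts.allow before touching hosts.deny follows from the lookup order in hosts_access(5): hosts.allow is checked first, then hosts.deny, and anything unmatched is granted. The sketch below is an added example, not part of the thread; it models a simplified, IPv4-only subset of that matching, and the rules and addresses in it are constructed samples.

```python
import ipaddress

def client_matches(pattern, addr):
    """Match one client pattern against an IPv4 address (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:             # net/mask, e.g. "10.0.0.0/255.0.0.0"
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr         # exact address

def rule_matches(line, daemon, addr):
    """Parse a 'daemon_list : client_list' rule and test it against (daemon, addr)."""
    line = line.split("#", 1)[0].strip()   # drop comments
    if ":" not in line:
        return False
    # Anything after a second colon (options) is ignored in this simplified model.
    daemons, clients = (p.replace(",", " ").split() for p in line.split(":")[:2])
    daemon_ok = any(d in ("ALL", daemon) for d in daemons)
    return daemon_ok and any(client_matches(c, addr) for c in clients)

def access(allow_lines, deny_lines, daemon, addr):
    """hosts.allow wins, then hosts.deny, otherwise access is granted."""
    if any(rule_matches(l, daemon, addr) for l in allow_lines):
        return "granted (hosts.allow)"
    if any(rule_matches(l, daemon, addr) for l in deny_lines):
        return "denied (hosts.deny)"
    return "granted (no match)"

# Constructed sample data (documentation address ranges).
ADMIN = "203.0.113.10"
STRANGER = "198.51.100.7"
DENY_ALL = ["ALL: ALL"]
ALLOW_ADMIN = ["sshd: 203.0.113.10, 192.168.1.   # admin host and LAN"]

if __name__ == "__main__":
    # Deny-all written first, with hosts.allow still empty: the admin is locked out.
    print("admin, empty hosts.allow :", access([], DENY_ALL, "sshd", ADMIN))
    # hosts.allow populated first: the admin keeps access, everyone else is denied.
    print("admin, allow entry added :", access(ALLOW_ADMIN, DENY_ALL, "sshd", ADMIN))
    print("stranger                 :", access(ALLOW_ADMIN, DENY_ALL, "sshd", STRANGER))
```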