96 Comments
- crashsystems, on 10/10/2007, -1/+36An even easier way to block brute force attacks:
sudo apt-get install denyhosts
Denyhosts is simpler to set up, and gives you more options through the config file (though the defaults work quite well).
- dicerandom, on 10/10/2007, -0/+16They don't want your data, they want a zombie to push out theirs.
- blizzok, on 10/10/2007, -1/+17I just don't use plain-text authentication. Public keys ftw.
- kevmaster, on 10/10/2007, -0/+14fail2ban is nice too; each method has its advantages in different situations, but as stated in the article:
The advantage of this method is that there is no log parsing involved which makes the banning instant.
It's also faster because it all works at the kernel level.
- cnowacek, on 10/10/2007, -2/+13The jackpot... a web server with no usable information. My life is boring and so is my data.
- t0ny, on 10/10/2007, -1/+10I don't care if they are trying to brute force my server.
90% of the time you are trying to get in with default users and passwords.
My solution to this is to block root, and I set up a group of allowed ssh users. So it's very rare they even try my account.
- Salgat, on 10/10/2007, -2/+10I remember when I was testing a VNC server. After setting it up, I received several very random requests from people to view on desktop, although I never told anyone about it. Needless to say, I uninstalled it, although this story is pretty irrelevant.
- sexybobo, on 10/10/2007, -1/+9nothing is uncrackable.
- Niten, on 10/10/2007, -0/+7Seconded. All it takes to make password crackers completely irrelevant is:
Protocol 2
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
PubkeyAuthentication yes
- timestar, on 10/10/2007, -0/+7Crackers and script kiddies don't care about your data - the less you have the more space there is for their scripts and warez.
- ekravchenko, on 10/10/2007, -0/+6Why does the title say Ubuntu: ...??? It affects every Linux distro which has ssh enabled... Now to something that I think you'll really enjoy http://www.youtube.com/watch?v=1dmVU08zVpA
- junml707, on 10/10/2007, -0/+5Stupid question...
I've never used Linux before (I've only ever used Windows) (unless you count a little DOS action back in the day) and I'm thinking about trying Ubuntu for the first time. Do I need to worry about this configuration on my personal PC (that I use for general web surfing over cable internet), or is this article just for people running a server?
- tehmoth, on 10/10/2007, -0/+5No, the Ubuntu is only there so it reaches the front page.
- maddud, on 10/10/2007, -3/+7... only Ubuntu?
- Urusai, on 10/10/2007, -0/+4"my voice is my passport, verify me"
- Krechet, on 10/10/2007, -0/+4I've been running this for some time on a couple of my servers (just home machines but often under fire from bots). For those of you savvy enough and vengeful enough to try to annoy these people: google iptables tarpit. This not only blocks the IP, but wastes the bot's time and resources for hours at no cost to you. What I actually did in my setup is I run a fake ssh server on port 22 (I'm behind a NAT router) and the aforementioned TARPIT rule. On something like 2200 or 2022 I usually run real ssh. Bots don't even bother looking that high if they see 22 open, and then they get stuck for hours, bringing "productivity" down. It's like youtube or myspace for bots...
- SEJeff, on 10/10/2007, -0/+4"Then cat /var/log/messages | grep sshd | awk '{print $5}'"
Even better you might try to rip out the 100% useless use of cat and then use // in awk to do pattern matching:
awk '/sshd/{print $5}' /var/log/messages
Your command and ^ do the exact same thing and this one avoids 2 expensive fork() execs to echo and grep in a pipe.
grep sshd /var/log/messages | awk '{print $5}' also works
- jessejoedotcom, on 10/10/2007, -0/+3Agreed, Denyhosts is perfect for this.
http://denyhosts.sourceforge.net/
"DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?
DenyHosts attempts to address the above... and more."
- chandler, on 10/10/2007, -4/+7Just use a 15 character password... it's uncrackable.
Then cat /var/log/messages | grep sshd | awk '{print $5}' and release all known IPs to the other bots that browse your server for said information. Bots attacking bots. :)
- coredump0x01, on 10/10/2007, -0/+3Try sshblack http://www.pettingers.org/code/sshblack.html if you're looking for good SSH brute force protection. Hasn't let me down yet. Requires Perl.
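The cat | grep | awk pipeline chandler and SEJeff discuss above prints one whitespace-separated field per matching line. As an added example (not code from the article or from any commenter), here is a Python version that pulls the source address out of OpenSSH's "Failed password for ... from ..." lines with a pattern rather than a field position, counts failures per IP and per user name, and lists the addresses over a threshold as deny-list candidates. The log lines are constructed (RFC 5737 documentation addresses), and the three-failure threshold is an arbitrary choice.

```python
"""Count failed sshd logins per source IP from syslog-style log lines.
Example code added to the thread, not from the article; the sample log
below is constructed and the threshold is an assumption."""
import re
from collections import Counter

# Constructed sample of /var/log/auth.log (Debian/Ubuntu) or /var/log/messages.
SAMPLE_LOG = """\
Oct 10 12:00:01 host sshd[2201]: Failed password for root from 203.0.113.5 port 51212 ssh2
Oct 10 12:00:03 host sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 51214 ssh2
Oct 10 12:00:04 host sshd[2205]: Failed password for invalid user test from 198.51.100.7 port 40001 ssh2
Oct 10 12:00:09 host sshd[2207]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Oct 10 12:00:11 host sshd[2209]: Failed password for root from 203.0.113.5 port 51220 ssh2
Oct 10 12:00:12 host cron[311]: (root) CMD (run-parts /etc/cron.hourly)
"""

# OpenSSH logs unknown accounts as "invalid user <name>", known ones as just "<name>".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def awk_field5(line):
    """What `awk '{print $5}'` yields on a syslog line: the 'sshd[pid]:' tag, not an address."""
    fields = line.split()
    return fields[4] if len(fields) >= 5 else ""


def failed_logins(log_text):
    """Return (failures per IP, failures per user name), counting sshd failure lines only."""
    by_ip, by_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            by_ip[m["ip"]] += 1
            by_user[m["user"]] += 1
    return by_ip, by_user


def offenders(by_ip, threshold=3):
    """IPs at or above the failure threshold, most active first (deny-list candidates)."""
    return [ip for ip, n in by_ip.most_common() if n >= threshold]


if __name__ == "__main__":
    ips, users = failed_logins(SAMPLE_LOG)
    print("field 5 of first line:", awk_field5(SAMPLE_LOG.splitlines()[0]))
    print("failures per IP:", dict(ips))
    print("failures per user:", dict(users))
    print("offenders:", offenders(ips))
```

Matching on the message text rather than a field number also skips the cron line and the successful public-key login, which a plain grep for "sshd" would count.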
- sexybobo, on 10/10/2007, -0/+3Really this has very little to do with Ubuntu. People will usually only try to brute force your root account, which by default isn't enabled, and this is over ssh, which is not installed by default. So this might be handy if you installed ssh, but they can try to brute force my box all they want if they have to brute force the user name and password.
- SEJeff, on 10/10/2007, -0/+3Here is pretty much how I find out where your sshd server is running:
nmap -sV yourclasscsubnet.0/24
Obscurity through obscurity will prevent lame bots and script kiddies from finding your sshd, but it won't protect you from someone who has the first bit of knowledge about how things work.
- nukem996, on 10/10/2007, -0/+3FKnight: How do you do things quickly and remotely by command line in Windows, such as set up a web server, move files and manage users? Oh wait, you can't, so I think it's you who needs to STFU.
- Twelve-60, on 10/10/2007, -0/+3Yeah, I'm sure they would get far with 8 per minute you idiot.
- Salgat, on 10/10/2007, -0/+3I believe it's 72^15 instead of 15^72, since you have 72 characters, and you multiply it by itself for the 15 slots, or 72*72*72...etc aka 72^15. Even then though, it's very unlikely anyone would ever break a 15 char pass.
- jessekeys, on 10/10/2007, -0/+2http://digg.com/linux_unix/HOWTO_Five_steps_to_a_more_secure_SSH?t=3647652#c3647652
- bigtomrodney, on 10/10/2007, -2/+4The first thing to do is to switch SSH to another port. Running on port 22 isn't a great idea because all of the bots are checking port 22. If you run on another random port then it has to be a direct and intentional attack as the attacker will have to portscan you first. So 99% of attacks are gone. I used to get 60-70 attempts a day on my SSH. I haven't had a single attempt in the 18 months since I switched to another port.
- NinjitsuStylee, on 10/10/2007, -0/+2I'm gonna have to agree with lonniebiz on this one.
Be proud that even though there are 99e100 distros out there, at least one of them is finally getting the spotlight in the desktop OS world. (And FYI I'm well aware that there have been dozens of successful Linux distros out there, I'm just saying that Ubuntu is going more mainstream slowly and steadily, and we in the Linux world should appreciate that).
- vfrex, on 10/10/2007, -1/+3Yeah. Even then, enforcing password strength will do the trick.
- castegere, on 10/10/2007, -1/+3Another thing: if you don't have a static IP address, no firewall rules will help you against brute force attacks. SSH 2 and some ingenuity is all you need + a healthy dose of paranoia. (The truly paranoid may wish to place motion sensors in the air ducts... )
- nukem996, on 10/10/2007, -0/+2Now you know how Richard Stallman feels.
- chandler, on 10/10/2007, -1/+3This is for the math lovers -- 26 lower case chars, 26 upper case chars, 10 digits, 10 symbols = 72 chars. 15^72 = 7244150201408990671659859968 (7,244,150,201,408,990,671,659,859,968) / 500,000 guesses per second (2.3 quad core, 8 GB RAM) = 24147167338029968905532.86656 seconds, 402452788967166148425.547776 minutes, 6707546482786102473.7591296 hours, 279481103449420936.4066304 days or 765701653286084 years. This is not assuming Moore's Law, under which this will be exponentially decreasing, and cannot be done on Windows Calculator.
- rclay, on 10/10/2007, -1/+3Obviously this is applicable to all Linux. I've tried it on Red Hat and CentOS.
- javaroast, on 10/10/2007, -1/+3Buried for lame use of Ubuntu in the title
- Fartag, on 10/10/2007, -0/+2For vncserver make sure that sucker is an updated version! There was a ridiculous exploit (specify an invalid password method and it doesn't know how to do that so it just let people in!) for it about a year ago, if I'm remembering right. Also, if you run it in Linux it's probably nice to go ahead and just run it with the flags:
-localhost
and
-nolisten tcp
so it doesn't listen on any remotely accessible sockets anyway. That way you can ssh into the machine and run vncviewer there so it's tunneled safely through ssh (where ssh login has protections against brute force or other remote attacks). Seems pretty safe that way!
- Shdwdrgn, on 10/10/2007, -1/+3Yeah because Windows has a much more elegant solution for this problem when you run an SSH server. Oh wait, no it doesn't. Come to think of it, Windows doesn't have ANY solution for this problem.
- bobcrotch, on 10/10/2007, -0/+2haha even the Ubuntu zealots are trying to be elitists and digging you down.
Your best security policies are going to be not running sshd, a web server, mail server, or any other public facing services you don't plan on using. That coupled with a secure password is pretty decent.
Unfortunately in this case Linux provides a great deal of control over your system, and in some cases that can be pretty dangerous. Setting up an open relay mistakenly would be a great example.
- trogdoor, on 10/10/2007, -0/+2No you do not. As Acglaphotis said, and for some reason was dugg down, Ubuntu does not listen on any ports other than for ICMP (ping) and does not even have an ssh server installed by default. If you decide to install ssh and forward it to your computer from your router then you should follow this; if not, it will do absolutely nothing.
- dasunst3r, on 10/10/2007, -0/+2Agreed -- Even though I use Ubuntu, I am burying anything with "Ubuntu" in the title. This does not apply exclusively to Ubuntu -- it applies for all Linux.
- bigtomrodney, on 10/10/2007, -0/+1Also, sshd is not installed by default in Feisty. So this only applies to users who use ssh and not all Ubuntu users.
- Ausome1, on 10/10/2007, -0/+1Here's a little iptables rule set to use http://2020code.com/story.php?title=Block-SSH-Brute-Force-Attempts- It basically forces a two second pause between ssh connections, and after five connections from the same IP in the span of a minute it automatically blacklists them. The block doesn't expire until a full hour elapses with no connection attempts.
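The rule set Ausome1 describes, and the kernel-level `recent` match Krechet and the article rely on, are easier to reason about when the policy is written out in one place. As an added example (not the linked rule set, the article's rules, or any commenter's code), here is a Python model of that policy: a 2-second minimum gap between connections from one address, a ban after five connections from one address within 60 seconds, and a ban that only lapses after an hour with no further attempts. The thresholds are the ones the comment states; the data structure and the decision that a rejected attempt still refreshes the address's timestamp (what keeps a knocking host banned) are assumptions, and the event timeline is constructed.

```python
"""Model of the iptables 'recent'-style SSH rate limit described in the thread.
Example code added here, not from the linked rule set or the article; the
thresholds follow the comment, the bookkeeping is an assumption."""
from collections import defaultdict, deque

ACCEPT, DROP_TOO_FAST, DROP_BANNED = "ACCEPT", "DROP_TOO_FAST", "DROP_BANNED"


class SshRateLimiter:
    def __init__(self, min_gap=2.0, hitcount=5, window=60.0, ban_seconds=3600.0):
        self.min_gap = min_gap            # minimum seconds between connections per IP
        self.hitcount = hitcount          # connections within `window` that trigger a ban
        self.window = window              # seconds the hit counter looks back
        self.ban_seconds = ban_seconds    # idle time before a ban lapses
        self.hits = defaultdict(deque)    # ip -> timestamps of recent attempts
        self.last_seen = {}               # ip -> timestamp of the latest attempt
        self.banned = set()               # ips currently blacklisted

    def check(self, ip, now):
        """Decide on one new connection from `ip` at time `now` (seconds).
        Every attempt, accepted or dropped, refreshes the per-IP timestamp
        (assumption mirroring `--update`), so a host that keeps knocking stays banned."""
        prev = self.last_seen.get(ip)
        self.last_seen[ip] = now
        if ip in self.banned:
            if prev is not None and now - prev < self.ban_seconds:
                return DROP_BANNED
            # A full hour of silence: lift the ban and forget the old hits.
            self.banned.discard(ip)
            self.hits[ip].clear()
        recent = self.hits[ip]
        while recent and now - recent[0] > self.window:
            recent.popleft()              # drop hits older than the window
        recent.append(now)
        if len(recent) >= self.hitcount:
            self.banned.add(ip)
            return DROP_BANNED
        if prev is not None and now - prev < self.min_gap:
            return DROP_TOO_FAST
        return ACCEPT


def simulate(events, **limits):
    """Run a (ip, seconds) timeline through a fresh limiter; returns (ip, t, decision) triples."""
    limiter = SshRateLimiter(**limits)
    return [(ip, t, limiter.check(ip, t)) for ip, t in events]


# Constructed timeline: one host hammering port 22, one legitimate host, then the
# attacker returning inside the hour and again after the hour has lapsed.
EVENTS = [
    ("203.0.113.5", 0.0), ("203.0.113.5", 1.0), ("203.0.113.5", 2.5),
    ("203.0.113.5", 5.0), ("203.0.113.5", 8.0), ("203.0.113.5", 11.0),
    ("192.0.2.10", 100.0), ("203.0.113.5", 3000.0), ("203.0.113.5", 6601.0),
]

if __name__ == "__main__":
    for ip, t, decision in simulate(EVENTS):
        print(f"t={t:7.1f}  {ip:13}  {decision}")
```

The attempt at t=3000 matters: it is rejected, but it also restarts the hour, which is exactly the "no connection attempts" condition in the comment. Dropping the refresh would let a bot get back in after a fixed hour regardless of how often it tried.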
- squeaker, on 10/10/2007, -0/+1That's definitely the only reasonable way to run VNC...
A colocated server in my company's data center got pwn3d because the admin didn't think he needed to keep his server up to date.
- NinjitsuStylee, on 10/10/2007, -1/+2"Amateurs" eh? Provide evidence to your claim or abandon digg trolling forever. You'll never survive here.
- Neorio, on 10/10/2007, -0/+1OpenBSD's pf filter goes the extra mile by allowing you to blacklist IPs who brute force you. You can find pf in FreeBSD as well.
- MatthewBlack, on 10/10/2007, -0/+1Yes, sort of. On most distros all the server applications (e.g. sshd) come on the install disk, or are at least very easy to install automatically over the internet using a package manager. So if you don't know what you are doing, you might decide to install the wrong thing and open yourself up.
- Krechet, on 10/10/2007, -0/+1To be fair! The RECENT target is not enabled in some kernels by default. So no this does NOT apply to all Linux distributions, although it applies to many. YMMV.
- lonniebiz, on 10/10/2007, -1/+2Just be glad that people are excited about Linux; let them call it Ubuntu if that's what they've started with. I find your complaint more annoying than their oversight.
- mwyres, on 10/10/2007, -1/+2hmmm - how's about moving SSH away from port 22??? I run mine on a completely different port, and I don't get any brute force attempts...at all...
- RCourtney, on 10/10/2007, -0/+1We've used sshblack for years on all of our highly visible Linux boxes. I'm sure other similar scripts probably work just as well, but sshblack was one of the first to address this issue and we've never had to look into anything else for blocking brute force ssh attacks and keeping the logs free from the clutter.
- evilgold, on 10/10/2007, -0/+1So iptables is exclusive to Ubuntu now? I just don't get why people find it necessary to replace the word Linux with Ubuntu... I think we should implement a filter on digg to automatically change the word Ubuntu to Linux... hell, make it completely right and say GNU/Linux. I think I have yet to see one tutorial with Ubuntu in the title that actually only applied to Ubuntu.