Category: Security
-
Fixing the Heartbleed vulnerability on CentOS
While the popular media have jumped on the Heartbleed Bug as if the sky were falling, causing mass panic, it is actually quick and easy to fix for us CentOS users. Red Hat released a patched version of OpenSSL on 8th April and it has already filtered down to the CentOS updates repository, so all…
-
What not to do when you’ve installed sshdfilter
sshdfilter is a great tool which monitors system logs for repetitive failed login attempts and actively updates iptables to block offending IP addresses. However, there is a slight shortfall in its design, as there are no exceptions to its blocking rules, as I found this morning: Subject: sshdfilter event for 127.0.0.1, Too many password guesses,…
-
Patch to mod_evasive to enhance reporting
This morning I took the opportunity to install mod_evasive on my Apache Web Server after being hammered by zombies last night. Quote from [www.nuclearelephant.com]: mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to…
-
Using sshdfilter to secure an SSH server
Since moving my OpenSSH server down to its standard port number I have been hit daily by service scanning software and brute force password attacks. Gerry pointed out that sshdfilter can help. sshdfilter blocks the frequent brute force attacks on ssh daemons; it does this by directly reading the sshd logging output and generating iptables…
-
Brute force password attacks on Linux over SSH
This is one of the main reasons I hate running SSH on the standard port numbers: every day I get log-alerts like these. As per usual I notify the originating ISP; at least I have an email template for it. Failed logins from these: invalid user abdul (password) from 203.98.XXX.XXX: 2 Time(s) invalid user abort…