Portal Home > Knowledgebase > Articles Database > VPS has been up for two days...
VPS has been up for two days...
| Posted by Dasweb, 08-14-2009, 08:52 AM |
| And already some one from the ip 221.203.168.227 has been trying to brute force.
So what's the normal security procedures when hardening a VPS?
|
| Posted by Collabora, 08-14-2009, 09:02 AM |
| This is the type of info one should know prior to acquiring a vps. You would harden it the same you would any server. It will depend on OS and server purpose. Invest a few dollars in a server administration book for your specific OS.
|
| Posted by Dasweb, 08-14-2009, 09:07 AM |
| Well I have installed, and changed configuration to the best of my ability thus far. Such as bfd, which is why I got this email in the middle of the night.
|
| Posted by darkeden, 08-14-2009, 09:19 AM |
| change the ssh port have letters and numbers in your password. and check the vps tutorial section.
|
| Posted by Collabora, 08-14-2009, 09:20 AM |
| So I take it you are on Linux? Others can probably offer you more detail than me on that. Have you set up the rule for failed authentication? What about changing SSH port?
Need more info
Don't know what email you are referring to
|
| Posted by darkeden, 08-14-2009, 09:33 AM |
| bfd is a firewall I think that sends you emails incase of hack attempts spamming etc
|
| Posted by Collabora, 08-14-2009, 09:38 AM |
| I believe works with the firewall. It monitors the logs for authentication failures and automatically configs firewall in response? Email makes sense now.
I'm a windows person. haha
|
| Posted by inspiron, 08-14-2009, 09:53 AM |
| You should restrict the amount of login attempts that a user can perform
also banning a users IP after multiple failed login attempts. Keep a close
eye on your log files for the for suspicious login attempts.
|
| Posted by Dasweb, 08-14-2009, 10:45 AM |
| Yeah, I have it set so after a set amount of failed attempts it locks out that IP.
As for the question, yes I'm on Cent OS. I believe I had just about everything I can do to secure the server. I just wanted some suggestions, in case I missed anything.
|
| Posted by Collabora, 08-14-2009, 11:02 AM |
| Keep in mind, this does not decrease the attack surface area. You should still change the ssh port as previously advised.
|
| Posted by DJMizt73, 08-14-2009, 06:24 PM |
| disable root login from ssh ..even better disable interactive login and use keys ..use ssh 2 (disable ssh 1 on server) ..there are several things you can do to make ssh harder. Here's good tutorial
http://www.cyberciti.biz/tips/linux-...practices.html
i personally dont even bother changing ports ..anyone determined can always fire up nmap and portscan you all day long
|
Add to Favourites 
Print this Article
Also Read
