[olug] Help w/ my server
T. J. Brumfield
enderandrew at gmail.com
Mon Jul 23 22:36:43 UTC 2012
Someone mentioned going VPS route through Linode. They get great reviews,
and I wouldn't try to dissuade someone from them per se. However, I will
also throw out that URPad.net has really cheap Linux VPS hosting.
I have a 2GB RAM VPS through them for $10 a month.
http://www.urpad.net/
On Mon, Jul 23, 2012 at 5:25 PM, Lou Duchez <lou at paprikash.com> wrote:
> On 7/23/2012 6:20 PM, Christopher Cashell wrote:
>
>> On Mon, Jul 23, 2012 at 4:59 PM, Lou Duchez <lou at paprikash.com> wrote:
>>
>>> On 7/23/2012 5:56 PM, Christopher Cashell wrote:
>>>
>>>> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m limit
>>>> --limit 1/min --limit-burst 4 -j ACCEPT
>>>>
>>>> Now you have built-in protection against brute-force attacks at the
>>>> kernel-level, without relying on an external program, or recognizing
>>>> the failed logins later via log watching.
>>>>
>>> That is swank, thank you!
>>>
>> There's also an alternate way of accomplishing essentially the same thing,
>> depending on how you want to implement it, and what your goals are. The
>> above is used as your ACCEPT line for SSH. Basically it only ACCEPTs the
>> packet if no more than 1 SYN packet is received from a single IP within
>> 1 minute (with a 4 SYN burst allowed (some apps will send multiple SYNs
>> when trying to establish a connection)).
>>
>> You can also do it this way:
>>
>> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set
>> --name abusers --rsource
>> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update
>> --seconds 180 --hitcount 6 --name abusers --rsource -j DROP
>> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
>>
>> In this case, we start by setting up a rule that watches how many hits we
>> get from each IP address. Then we have a rule that kicks in to explicitly
>> DROP any packets when we've exceeded our hitcount. In this case, it's 6
>> SYN packets in a 3 minute period. Finally, if our DROP rule hasn't kicked
>> in, it falls through to an ACCEPT.
>>
>> Personally, I prefer the earlier setup, as it's simpler and does the trick
>> just fine for simple cases. This method could be useful in certain
>> situations, though.
>>
>>
> Also very swank! Though I think I'll stick with the earlier one for now
> as well; it seems like a solid solution in one line.
>
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
--
"I'm questioning my education
Rewind and what does it show?
Could be, the truth it becomes you
I'm a seed, wondering why it grows"
-- Pearl Jam, Education
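Added example, not from the OLUG thread: a small simulation of the two SSH throttles quoted above, run against one constructed stream of SYN packets, so their behaviour can be compared without touching a live firewall. It assumes (the thread does not say) that both rule sets sit above a default DROP policy on INPUT, so a NEW packet that matches no ACCEPT rule is dropped. The `limit` variant is modelled on xt_limit's credit scheme, which keeps one bucket per rule rather than per source address (the per-source equivalent is `hashlimit`); the `recent` variant is modelled on xt_recent's per-source list of hit timestamps. Addresses, times and the trace itself are made up for the demonstration.

```python
"""Simulate the two SSH brute-force throttles from the thread (added example).

Assumptions not stated in the thread:
  * both rule sets sit above a default DROP policy on INPUT;
  * timestamps are whole seconds; 'limit' follows xt_limit's credit bucket,
    'recent' follows xt_recent's per-source stamp list.
"""

LIMIT_RATE_PER_MIN = 1   # --limit 1/min
LIMIT_BURST = 4          # --limit-burst 4
RECENT_SECONDS = 180     # --seconds 180
RECENT_HITCOUNT = 6      # --hitcount 6

ATTACKER = "10.0.0.66"   # constructed address
LEGIT = "192.0.2.10"     # constructed address

# Constructed packet trace: (seconds, source), one NEW SYN to port 22 each.
EVENTS = [(0, ATTACKER), (10, ATTACKER), (20, ATTACKER), (30, ATTACKER),
          (40, ATTACKER), (50, ATTACKER), (60, ATTACKER), (65, LEGIT),
          (70, ATTACKER), (200, ATTACKER)]


class LimitMatch:
    """'-m limit': one token bucket for the whole rule, not keyed by source,
    so every client connecting to the box shares the same budget."""

    def __init__(self, rate_per_min, burst):
        self.interval = 60 // rate_per_min    # seconds earned per token
        self.cap = burst * self.interval      # a full bucket, in seconds
        self.credit = self.cap                # starts full
        self.last = 0

    def matches(self, now):
        self.credit = min(self.cap, self.credit + (now - self.last))
        self.last = now
        if self.credit >= self.interval:
            self.credit -= self.interval
            return True
        return False


class RecentList:
    """'-m recent --name abusers --rsource': per-source hit timestamps."""

    def __init__(self):
        self.stamps = {}

    def set(self, src, now):
        # '--set' records a hit for this source; it never ends the chain.
        self.stamps.setdefault(src, []).append(now)

    def update(self, src, now, seconds, hitcount):
        # '--update --seconds S --hitcount N' matches when the source has at
        # least N hits in the last S seconds and, on a match, records one more
        # hit, so a persistent attacker stays in the list.
        hits = [t for t in self.stamps.get(src, []) if now - t <= seconds]
        if len(hits) >= hitcount:
            self.stamps[src].append(now)
            return True
        return False


def limit_chain(events):
    """-A INPUT ... -m limit ... -j ACCEPT, otherwise the DROP policy."""
    bucket = LimitMatch(LIMIT_RATE_PER_MIN, LIMIT_BURST)
    return [(now, src, "ACCEPT" if bucket.matches(now) else "DROP")
            for now, src in events]


def recent_chain(events):
    """The three-rule --set / --update DROP / ACCEPT chain."""
    abusers = RecentList()
    out = []
    for now, src in events:
        abusers.set(src, now)                                    # rule 1
        if abusers.update(src, now, RECENT_SECONDS, RECENT_HITCOUNT):
            out.append((now, src, "DROP"))                       # rule 2
        else:
            out.append((now, src, "ACCEPT"))                     # rule 3
    return out


CHAINS = {"limit": limit_chain, "recent": recent_chain}


def verdicts(kind, events):
    """Verdict strings in packet order for 'limit' or 'recent'."""
    return [v for _, _, v in CHAINS[kind](events)]


if __name__ == "__main__":
    for kind, chain in CHAINS.items():
        print(f"== {kind} ==")
        for now, src, verdict in chain(EVENTS):
            print(f"t={now:>4}s  {src:<12} {verdict}")
```

Running it shows the trade-off: under `limit`, the attacker's first four SYNs drain the shared bucket, so the legitimate admin's SYN at t=65 is dropped along with the attacker's, and the attacker is accepted again at t=200 once a token has accrued; under `recent`, the admin is accepted because the count is per source, and the attacker is still dropped at t=200 because the 180-second window has not emptied.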