• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Thank God For Firewalls

Anthony Parsons

Well-known member
#1
I was looking at my denied IP's today, having to fix a user who got caught due to unsuccessful login attempts. Looking at the list of attempted SSH logins, OMFG... China, Russia, Korea, etc etc. I assume hacking programs constantly sniffing the web for insecure logins?

I remember getting hosting years ago, where config firewall had to be asked for installation. Funnily enough, when I got my recent dedi via ServInt, config firewall came pre-installed and running this time around.
 

Floren

Well-known member
#5
Might worth mentioning ConfigServer Security & Firewall if you have WHM which comes with a bundle of must have security addons and features. Mod security is also proven to be effective when setup properly.
Interesting, I never used that firewall. How do you find it compared to Selinux?
I think the major security issues we all have rely on web based attacks, i.e XSS/SQL injections,RFI, uploads, evading etc. I'm working as we speak on Nginx packages that include Naxsi firewall, which is designed to effectively eliminate all those issues. The Redhat/CentOS6 RPM packages are finalized, I'm almost done with the Redhat/CentOS5 ones which are a real pester due to enormous number of missing libraries.

Here it is a nice Naxsi graph showing the possible attacks blocked on a default XenForo forum:

naxsi-ui.png
 

Will

Active member
#6
CSF is good. Have used it for a couple years now and haven't had any issues. Never tried Selinux though so I don't how it compares.
 

yavuz

Well-known member
#7
Interesting, I never used that firewall. How do you find it compared to Selinux?
I think the major security issues we all have rely on web based attacks, i.e XSS/SQL injections,RFI, uploads, evading etc. I'm working as we speak on Nginx packages that include Naxsi firewall, which is designed to effectively eliminate all those issues. The Redhat/CentOS6 RPM packages are finalized, I'm almost done with the Redhat/CentOS5 ones which are a real pester due to enormous number of missing libraries.

Here it is a nice Naxsi graph showing the possible attacks blocked on a default XenForo forum:

View attachment 31932
It has its own fireall rules but also works integrated with mod_security - if you choose to activate it - so it detects web based attacks successfully. I'm stuned how much http based attacks our server gets; automated scripts, login attempts, sql injections.... A server admin's must have if I might say so. There are a lot of detailed statistics, php hardening suggestions a lot of firewall configuration options that can be viewed from it's panel I'm away at the moment from my PC. I'll post some screenshots when possible.
 

Naatan

Well-known member
#9
ServInt is awesome :) But the SSH attempts happen everywhere. I don't think I've ever had a server that didn't have failed login attempts from China. And they seem to rotate their machines pretty well so a firewall isn't that useful. Long as you don't have a common username & password and disable root logins you'll be fine though :)
 

Anthony Parsons

Well-known member
#12
WHM is installed...

Quite honestly, once everything is installed I see no reason to access my server... it just runs nicely. I have the attitude of, "if it ain't broke, don't fix it."

I only turn SSH on via WHM when SSH is absolutely needed.
 
#13
I have fixed IP address at home so I have my iptables set to only accept connections from that IP number for port 995 ie SSH. Anyone else tries and the connection is dropped.
 

Adam Howard

Well-known member
#14
On one of my servers

3 step vitrification (Ip, phone, time key generated code)
DNS routing
physical firewall
software firewall
ssh secure key, on different port, and time based (only accepts log-ins between accepted times)

There maybe a lot of ways to hack something, but you're not getting that way
 

Floren

Well-known member
#15
There maybe a lot of ways to hack something, but you're not getting that way
This is what you would get if you try to login into one of my servers:

login.png

You will have to know my ssh port (not 22), password and... steal my phone to get the verification code that changes every 15 seconds. :giggle:
 

Adam Howard

Well-known member
#16
This is what you would get if you try to login into one of my servers:

View attachment 32094

You will have to know my ssh port (not 22), password and... steal my phone to get the verification code that changes every 15 seconds. :giggle:
Same, but also your IP would have to be on the approval list, you would also need to know the time keygen code, and ssh secure key code. You would also have to do it at the right time of day