
Thank God For Firewalls

Discussion in 'Server Configuration and Hosting' started by Anthony Parsons, Jul 22, 2012.

  1. Anthony Parsons

    Anthony Parsons Well-Known Member

    I was looking at my denied IPs today, having to fix a user who got caught due to unsuccessful login attempts. Looking at the list of attempted SSH logins, OMFG... China, Russia, Korea, etc etc. I assume hacking programs constantly sniffing the web for insecure logins?

    I remember getting hosting years ago, where config firewall had to be asked for installation. Funnily enough, when I got my recent dedi via ServInt, config firewall came pre-installed and running this time around.
     
  2. Ghan_04

    Ghan_04 Active Member

    This is why I move SSH off of port 22. Automated scripts have a hard time finding SSH on a high level port to try brute forcing a login.
     
    D.O.A. and Anthony Parsons like this.
  3. Floren

    Floren Well-Known Member

    Ya, first thing I do when I set up a box is change the SSH port and install SELinux. :)
    I hear a lot of people complaining about SELinux, I never had a problem with it. If you want to really secure your ssh login, just use a two-step authentication. There is no way anyone can hack into your box, once you implement it. :)
     
    Naatan and Anthony Parsons like this.
  4. yavuz

    yavuz Well-Known Member

    Might be worth mentioning ConfigServer Security & Firewall if you have WHM, which comes with a bundle of must-have security add-ons and features. mod_security is also proven to be effective when set up properly.
     
    Dan likes this.
  5. Floren

    Floren Well-Known Member

    Interesting, I never used that firewall. How do you find it compared to SELinux?
    I think the major security issues we all have rely on web based attacks, i.e. XSS/SQL injections, RFI, uploads, evading etc. I'm working as we speak on Nginx packages that include Naxsi firewall, which is designed to effectively eliminate all those issues. The Redhat/CentOS6 RPM packages are finalized, I'm almost done with the Redhat/CentOS5 ones which are a real pester due to enormous number of missing libraries.

    Here is a nice Naxsi graph showing the possible attacks blocked on a default XenForo forum:

    naxsi-ui.png
     
  6. Will

    Will Active Member

    CSF is good. Have used it for a couple years now and haven't had any issues. Never tried SELinux though so I don't know how it compares.
     
  7. yavuz

    yavuz Well-Known Member

    It has its own firewall rules but also works integrated with mod_security - if you choose to activate it - so it detects web based attacks successfully. I'm stunned how many http based attacks our server gets; automated scripts, login attempts, sql injections.... A server admin's must-have if I might say so. There are a lot of detailed statistics, php hardening suggestions, a lot of firewall configuration options that can be viewed from its panel. I'm away at the moment from my PC. I'll post some screenshots when possible.
     
  8. Anthony Parsons

    Anthony Parsons Well-Known Member

    Config firewall is excellent... hence my opening post, as it catches all attempts automatically for me, instantly banning the IP.
     
  9. Naatan

    Naatan Well-Known Member

    ServInt is awesome :) But the SSH attempts happen everywhere. I don't think I've ever had a server that didn't have failed login attempts from China. And they seem to rotate their machines pretty well so a firewall isn't that useful. Long as you don't have a common username & password and disable root logins you'll be fine though :)
     
    Anthony Parsons likes this.
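
The per-IP failed-login counting that posts 8 and 9 talk about, sketched as an added example (not posted by anyone in the thread and not CSF's own code). The log lines are constructed samples in OpenSSH syslog format using documentation-range IPs; the limit of 5 failures in 5 minutes and the name `find_offenders` are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not from a real server).
SAMPLE_LOG = """\
Jul 22 03:10:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jul 22 03:10:04 host sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jul 22 03:10:07 host sshd[2103]: Failed password for root from 203.0.113.5 port 40003 ssh2
Jul 22 03:10:09 host sshd[2104]: Failed password for root from 198.51.100.7 port 51000 ssh2
Jul 22 03:10:11 host sshd[2105]: Failed password for root from 203.0.113.5 port 40004 ssh2
Jul 22 03:10:15 host sshd[2106]: Failed password for root from 203.0.113.5 port 40005 ssh2
Jul 22 03:11:00 host sshd[2107]: Accepted publickey for tony from 192.0.2.10 port 52000 ssh2
Jul 22 03:12:30 host sshd[2108]: Failed password for root from 198.51.100.8 port 51001 ssh2
Jul 22 04:30:00 host sshd[2109]: Failed password for tony from 192.0.2.10 port 52001 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_offenders(log_text, limit=5, window=timedelta(minutes=5), year=2012):
    """Return (banned, below_limit): IPs reaching `limit` failures inside
    `window`, and IPs that failed at least once but never reached it."""
    recent = defaultdict(deque)   # ip -> failure timestamps still in the window
    banned, seen = [], set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(3)
        seen.add(ip)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= limit and ip not in banned:
            banned.append(ip)         # a real tool would add a firewall rule here
    return banned, sorted(seen - set(banned))

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

The second list is the sources that stayed under the limit, which is why account settings such as disabled root logins still matter alongside the ban list.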
  10. Anthony Parsons

    Anthony Parsons Well-Known Member

    Yer, I disable SSH period. I only enable it when I need it accessed, otherwise it remains disconnected as a login method.
     
  11. Floren

    Floren Well-Known Member

    Tony, I'm wondering how do you access the server if you disable SSH... through a DRAC card?
     
  12. Anthony Parsons

    Anthony Parsons Well-Known Member

    WHM is installed...

    Quite honestly, once everything is installed I see no reason to access my server... it just runs nicely. I have the attitude of, "if it ain't broke, don't fix it."

    I only turn SSH on via WHM when SSH is absolutely needed.
     
  13. Hackfall

    Hackfall Member

    I have a fixed IP address at home, so I have my iptables set to only accept connections from that IP number for port 995, i.e. SSH. Anyone else tries and the connection is dropped.
     
  14. Adam Howard

    Adam Howard Well-Known Member

    On one of my servers

    3 step verification (IP, phone, time key generated code)
    DNS routing
    physical firewall
    software firewall
    ssh secure key, on different port, and time based (only accepts log-ins between accepted times)

    There may be a lot of ways to hack something, but you're not getting that way.
     
  15. Floren

    Floren Well-Known Member

    This is what you would get if you try to login into one of my servers:

    login.png

    You will have to know my ssh port (not 22), password and... steal my phone to get the verification code that changes every 15 seconds. :giggle:
     
    yavuz likes this.
  16. Adam Howard

    Adam Howard Well-Known Member

    Same, but also your IP would have to be on the approval list, you would also need to know the time keygen code, and ssh secure key code. You would also have to do it at the right time of day.
     
    D.O.A. likes this.
