Le vendredi 27 février 09 à 10:43, andy baxter a écrit :
I can make sure that the server doesn't have any incoming ports open
except http and ssh)
I would use another port than 22 for the SSH. If your machine's
ports are
being scanned and it appears port 22 is open, then you'll probably
have a
lot of brute-force attacks to SSH.
Personally, I redirected on my router a high port number (1234, for
example) to port number 22 of my home server. No more brute-force
attacks.
Just in case you didn't think about it, restrict SSH access to
certain
users, in /etc/ssh/sshd_config :
PermitRootLogin no
AllowUsers your_login
andy.
Seb
--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org