OT: Server protection strategy from evil doers - how to stop them.

To: debian-security@lists.debian.org
Subject: OT: Server protection strategy from evil doers - how to stop them.
From: sthu.deus@gmail.com
Date: Sat, 30 May 2009 14:47:22 +0700
Message-id: <[🔎] 4a20e64a.09038e0a.10ee.34ee@mx.google.com>

Good day.


My question is about the strategy practice of stopping the evil doers at my
server - as it is a server I can not turn it off, yet I would not that the
things that some guys try to do will be repeated. Therefore, may, You would
share Your experience/knowledge how to stop them.

The situation: I see evil doing in logs. I know the addresses they did use for
that.

What is the best way (1. Effective; 2. Easy to commit) to stop them?

My own considerations for now: to use iptables to ban those IPs, but here I
have the following problem: if I exclude by IP - it is a lot of IPs. If I
exclude by its ranges - I risk to exclude goo users from our public services
(web, email) others - the same is for the ISP nets - as their users can change
their IPs easily. So... please, any suggestions.


Thank You for Your time and effort.

Best regards,
Sthu Deus.

Reply to:

Follow-Ups:
- Re: OT: Server protection strategy from evil doers - how to stop them.
  - From: "Sysadmin - The Well @ Poway" <sysadmin@thewellpoway.org>

Prev by Date: Re: samba printer question
Next by Date: OT: how do You protect an email relay service?
Previous by thread: Re: samba printer question
Next by thread: Re: OT: Server protection strategy from evil doers - how to stop them.
Index(es):
- Date
- Thread