Re: OT: Server protection strategy from evil doers - how to stop them.

["Sysadmin - The Well @ Poway" <sysadmin@thewellpoway.org>]

I use a combination of suhosin, mod_security and scripts to 
automatically respond to attacks. Something like Fail2Ban 
<http://www.fail2ban.org/wiki/index.php/Main_Page> or CSF 
<http://www.configserver.com/cp/csf.html> will automatically take the 
appropriate actions based on your preferences and email you about it.

Hope this helps...
Best regards,
-Chris


sthu.deus@gmail.com wrote:
> Good day.
>
>
> My question is about the strategy practice of stopping the evil doers at my
> server - as it is a server I can not turn it off, yet I would not that the
> things that some guys try to do will be repeated. Therefore, may, You would
> share Your experience/knowledge how to stop them.
>
> The situation: I see evil doing in logs. I know the addresses they did use for
> that.
>
> What is the best way (1. Effective; 2. Easy to commit) to stop them?
>
> My own considerations for now: to use iptables to ban those IPs, but here I
> have the following problem: if I exclude by IP - it is a lot of IPs. If I
> exclude by its ranges - I risk to exclude goo users from our public services
> (web, email) others - the same is for the ISP nets - as their users can change
> their IPs easily. So... please, any suggestions.
>
>
> Thank You for Your time and effort.
>
> Best regards,
> Sthu Deus.
>
>
>