
Re: need help with openssh attack



Just some advice to make your SSH server more secure:

* Use private not public keys with strong passwords
* Do not allow root login to the SSH server
* Don't use the default port 22 but choose one of the high order ports
* Use a port knocker to hide your SSH port (install and configure: knockd)
* Configure your iptables to allow only certain addresses (only if you connect from static places, for example your work or home)
* Also configure your /etc/hosts.deny and /etc/hosts.allow for sshd
* Use fail2ban to defend yourself from brute-force attacks
* Use fwsnort to have SNORT rules in your iptables, which will protect you against exploits, for example. You do need to configure this: fwsnort --update-rules && fwsnort
  Then run the sh script in /etc/fwsnort and save your iptables with, for example, iptables-persistent
* Use and configure PSAD for port scan protection
* Only allow certain users to connect to the SSH daemon

If you need more detail on any of these tips then just ask and I'll provide ;-)




On Thu, Dec 29, 2011 at 15:38, Russell Coker <russell@coker.com.au> wrote:
On Fri, 30 Dec 2011, Taz <taz.inside@gmail.com> wrote:
> Hello, we've got various debian servers, about 15, with different
> versions. All of them have been attacked today and granted root
> access.
> Can anybody help? We can give ssh access to attacked machine, it seems
> to be serious ssh vulnerability.

http://blog.sesse.net/blog/tech/2011-11-15-21-44_ebury_a_new_ssh_trojan.html

The above blog post may be of use to you.  One of my servers was compromised
via that one.

> How can I contact openssh mnt?

Colin Watson <cjwatson@debian.org>

The changelog for the openssh-server package gives Colin as the maintainer.

--
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/


--
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/201112300138.11707.russell@coker.com.au




--
Kind regards,
Kees de Jong


The information contained in this message may be confidential and is intended to be exclusively for the addressee(s).
Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.
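
Four of the tips in the message above (no root login, a non-default port, a list of allowed users, key-based login) map to sshd_config settings that can be checked mechanically. The script below is an added example, not part of the original post: the function names, the sample files and the reading of the key tip as `PasswordAuthentication no` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit the global part of an sshd_config.

# Print every value of keyword $2 in file $1, one per line. Keywords are
# case-insensitive; parsing stops at the first Match block (global settings only).
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# For most keywords sshd uses the first value it reads.
first() { sshd_values "$1" "$2" | head -n 1; }

flag() { echo "FAIL: $1"; findings=$((findings + 1)); }

# Prints one line per finding; the return status is the number of findings.
audit_sshd_config() {
    findings=0
    [ "$(first "$1" PermitRootLogin)" = "no" ] || flag "root login is not disabled"
    ports=$(sshd_values "$1" Port)   # Port may be given more than once
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        flag "sshd listens on the default port 22"
    fi
    [ -n "$(sshd_values "$1" AllowUsers)" ] || flag "no AllowUsers list"
    # Assumption: the key tip is read as turning password logins off.
    [ "$(first "$1" PasswordAuthentication)" = "no" ] || flag "password logins are not disabled"
    return "$findings"
}

# Constructed sample configurations.
WEAK=$(mktemp) HARDENED=$(mktemp)
cat > "$WEAK" <<'EOF'
Port 22
permitrootlogin yes
# This later line is ignored: the first PermitRootLogin value wins.
PermitRootLogin no
EOF
cat > "$HARDENED" <<'EOF'
Port 49222
PermitRootLogin no
AllowUsers alice bob
PasswordAuthentication no
EOF

echo "== weak ==";     audit_sshd_config "$WEAK"     || echo "findings: $?"
echo "== hardened =="; audit_sshd_config "$HARDENED" && echo "no findings"
```

On a live server, `sshd -T` prints the effective configuration, including defaults and included files, which is more reliable than parsing the file by hand.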

