Jerry Stuckle wrote: > Danny wrote: > > You were right, SFTP, FileZilla and Proftp confused the hell out of me ... lol We have all been there at some point! :-) > > ... I must add in my defense though that I was in a state of panic > > after syslog warned me of an attack by someone during the night > > via ssh ... So I frantically tried to make ssh and Proftp work > > together without reading the online guides properly ... > > As a side note - don't panic over SSH attacks. Instead, use the right > tools and techniques to secure your systems and let them do their jobs. > Monitor the server to ensure you didn't leave any holes. > > For instance, Fail2ban blocked over 100 IP's from accessing one of my > servers on yesterday alone. The attacks keep coming, but none have ever > succeeded. Strong agreement! There are endless dictionary attacks to ssh. This sometimes scares people but for no good reason. If you have a strong passwords, and everyone should have either strong passwords for ssh or blocked passwords, then there is no danger. There is no need to shy away from ssh simply because the Internet is a hostile place. One of the best tools to mitigate the noise of ssh attacks is fail2ban. Like Jerry I always install fail2ban and it does a marvelous job of managing the automatic banning of abusive IPs. Fail2ban can be expanded upon to manage web service attacks such abusive POST attacks and other such things. Definitely a worthy tool that is always on my servers. Bob
Attachment:
signature.asc
Description: Digital signature