[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SFTP question



Jerry Stuckle wrote:
> Danny wrote:
> > You were right, SFTP, FileZilla and Proftp confused the hell out of me ... lol

We have all been there at some point! :-)

> > ... I must add in my defense though that I was in a state of panic
> > after syslog warned me of an attack by someone during the night
> > via ssh ... So I frantically tried to make ssh and Proftp work
> > together without reading the online guides properly ...
>
> As a side note - don't panic over SSH attacks.  Instead, use the right
> tools and techniques to secure your systems and let them do their jobs.
> Monitor the server to ensure you didn't leave any holes.
> 
> For instance, Fail2ban blocked over 100 IP's from accessing one of my
> servers on yesterday alone.  The attacks keep coming, but none have ever
> succeeded.

Strong agreement!  There are endless dictionary attacks to ssh.  This
sometimes scares people but for no good reason.  If you have a strong
passwords, and everyone should have either strong passwords for ssh or
blocked passwords, then there is no danger.  There is no need to shy
away from ssh simply because the Internet is a hostile place.

One of the best tools to mitigate the noise of ssh attacks is
fail2ban.  Like Jerry I always install fail2ban and it does a
marvelous job of managing the automatic banning of abusive IPs.
Fail2ban can be expanded upon to manage web service attacks such
abusive POST attacks and other such things.  Definitely a worthy tool
that is always on my servers.

Bob

Attachment: signature.asc
Description: Digital signature


Reply to: