Coping With 1 Million SSH Authentication Failures?
An anonymous reader writes "I own a small Web development studio that specializes in open source software, primarily Drupal, WordPress, and Joomla for small businesses. Our production servers, which host about 50 sites and generate ~20K hits/week, are managed by a 3rd party that I'm sure many on Slashdot would recognize. Earlier today I was researching some problems on one of our sites and found that there have been over 1 million SSH authentication failures from ~1200 IP addresses on one of our servers over the last year. I contacted the ISP, who had promised me that server security would be actively managed, and their recommendation was, 'change the SSH port!' Of course this makes sense and may help to an extent, but it still doesn't solve the problem I'm facing: how do you manage server security on a tight budget with literally no system admin (except for me and I know I'm a n00b)? User passwords are randomly generated, we use a non-standard SSH port, and do not use any unencrypted services such as FTP. Is there a server monitoring program you would recommend? Is there an ISP or Web-based service that specializes in this?"
Re:Move to a higher order port and use denyhosts (Score:5, Funny)
1. Move the default ssh port to a higher order port (5000+)
Agreed. The higher the better. For the ultimate in security, I recommend 65536.
Re:whatcouldposiblygowrong (Score:5, Funny)
He could get trolled on Slashdot by the very people he's coming to ask for help to become *less* of a noob.
I'll bet you teach your kid gun safety by shooting him in the neck.
Re:Exactly (Score:5, Funny)
That's easy, just move the front door to where one of your upstairs windows is and install tiny robots that will draw the curtains if the traffic noise gets too loud.
Re:fail2ban (Score:5, Funny)
Someone fucked up big time when they taught you html:
[url]http://www.fail2ban.org/[/url]
Re:fail2ban (Score:4, Funny)
Because if your production server is *nix, you are probably *already* running a shitload of random scripts written by unknown cunts?
Re:SSH public key authentication (Score:4, Funny)
The simplest way is to drop SSH and just use telnet. They won't be expecting that!
Re:Tar Pitting (Score:4, Funny)
Incidentally, I would quite like to know how this AC went about implementing this.
He'll be back. He has to wait an hour before being able to log in again.
Re:whatcouldposiblygowrong (Score:5, Funny)
Society places economic value on everything, and the amount of damage a cracked server farm can potentially do far outstrips the economic value of a human life.
You forgot to start that sentence with, "you might be a psychopath if..."