<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:800734506;
mso-list-type:hybrid;
mso-list-template-ids:216022138 953071860 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0D8;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l1
{mso-list-id:1068768147;
mso-list-type:hybrid;
mso-list-template-ids:976362294 -1718187342 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0D8;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText>> The simple answer is yes. but you need to be more
specific as to what hardware you have, what kind of internet connection. if you
dont what to broadcast that in the <o:p></o:p></p>
<p class=MsoPlainText>> mailing list send email to <a
href="mailto:amarentis@gmail.com">amarentis@gmail.com</a><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Andrew I am not sure what information you would require
regarding my hardware. I am using an old Dell GX150 so that I can teach myself
about BlueOnyx before setting up a more dedicated server later in the year. As
for my internet connection, this is cable broadband (Virgin 50mb, the fastest
Britain can offer!) and again I am not sure what information you require. Also
I feel cheeky sending emails like this.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoPlainText>> DenyHosts<o:p></o:p></p>
<p class=MsoNormal>> <a href="http://denyhosts.sourceforge.net/">http://denyhosts.sourceforge.net/</a><o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chris, having looked at denyhosts I had noted that this was
for ssh. I have ssh so that it is only accessible through my local network. However,
they are trying to gain access through my webmail.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoPlainText>> I'm assuming a BlueOnyx box...<o:p></o:p></p>
<p class=MsoPlainText>> Install dFix and DenyHost or Fail2Ban. Greg just
posted the other day <o:p></o:p></p>
<p class=MsoPlainText>> a wonderful tool. Here's his post in case you missed
it:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Jeff, yes it is BlueOnyx which I love to bits! I had seen
this post but assumed it only applied to BlueLinQ. I will have another look
later today when I get home. Do I simply follow the instructions posted on the
website (<a href="http://www.compassnetworks.com.au/?page=newlinq">http://www.compassnetworks.com.au/?page=newlinq</a>)
Having looked at them before I had assumed that you had to have BlueLinQ for
the registration part.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoPlainText>> It is OK to have your server do the firewall functionality,
but I would not<o:p></o:p></p>
<p class=MsoPlainText>> recommend it for a real solution. It is better to
have that stuff detected<o:p></o:p></p>
<p class=MsoPlainText>> before it gets to the servers. After the firewall is
setup to detect and<o:p></o:p></p>
<p class=MsoPlainText>> deal with the attack, then have the servers
themselves protected from that<o:p></o:p></p>
<p class=MsoPlainText>> type of attack, shut down if the server gets
overloaded, rather then<o:p></o:p></p>
<p class=MsoPlainText>> exploited. But it is just a suggestion.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Andrew, I am not sure what you are saying here. This is a
home setup via a router with a virtual server forwarding ports 80 and 25. Do
you mean use iptables so that an ip is blocked. On each occasion a different ip
is being used so really I need something that automatically adds the ip to the
iptables / deny.hosts.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoPlainText>> I use IPTABLES mpt_recent to handle brute force
attacks on ssh, pop, and<o:p></o:p></p>
<p class=MsoPlainText>> imap. ftp is a little more problematic but can be
tuned for most legitimate<o:p></o:p></p>
<p class=MsoPlainText>> clients.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Stephanie I really need to look further at iptables. I am
new to all this and you must admit iptables can be a mind field for a beginner.
I unfortunately live in the UK (Manchester) and having tried ever college in my
area, the only Linux they teach is how to install Ubuntu and even that is using
the automatic install, which I would not use. Nothing further as they say that
no one is interested in Linux! (Politics! Microsoft used to give funding to our
schools and said they would pull out if schools started using Linux! Of course
Microsoft have now pulled out anyway!)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I intend to spend the weekend looking at, and trying to
understand iptables further, so may come back with further questions.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Finally, may I say thank you to all who replied it really
shows the “community spirit” and I hope I have not been to forward
using first names.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Please reply to;<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>pcr1066@gmail.com<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>