[BlueOnyx:11970] Re: Blocking brute force SSH login attempts

David Hahn ml at sb9.com
Thu Jan 10 15:52:57 -05 2013


On 1/10/2013 4:09 AM, Greg Kuhnert wrote:
> DFIX is available for all versions of Blueonyx.
>
> Regards,
> Greg.
>
>
> On 10/01/2013, at 9:22 PM, Steffan <mailinglist at tikklik.nl> wrote:
>
>> Hello Greg,
>> Is the DFIX already for 5107? In the past it only worked on 5106.
>> Thanks
>>
>> Steffan
>> From: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Greg Kuhnert
>> Sent: Wednesday, 9 January 2013 20:43
>> To: BlueOnyx General Mailing List
>> Subject: [BlueOnyx:11954] Re: Blocking brute force SSH login attempts
>> DFIX is a free product available from the new combined Compass / 
>> BlueOnyx / Solarspeed stores. It blocks SSH brute force attacks and 
>> much more. To get DFIX, you will need to register to one of the 
>> stores if you have not already done so, and "purchase" the free 
>> bundle for $0. You can then install via NewLinQ.
>> Note: Anyone who has previously had an account with either Solarspeed 
>> or Compass, you should first try to reset your password in the new 
>> store - and then connect to NewLinQ using the instructions at the 
>> link below. It is important for all clients to perform this step to 
>> get access to any updates/patches for any of your purchases.
>> The instructions to connect to NewLinQ are here. 
>> http://www.compassnetworks.com.au/delivery
>> Regards,
>> Greg.
>> On 10/01/2013, at 1:14 AM, Fungal Style <wayin at hotmail.com> wrote:
>>
>>
>> As far as I know... yes and no....
>>
>> BO will block accounts and IPs that are attempted to be brute 
>> forced, but the account needs to exist, well that has been my 
>> experience....
>>
>> I tend to use the iptables and block /32 or if it is from China or 
>> other known hacking countries then a /24 is a minimum...
>>
>> I have been thinking of routing everything through a firewall of 
>> sorts so that the hackers will usually hit it first then get the IP 
>> blocked (as all other servers would be on a virtual LAN)... or 
>> something like that.... but it needs more thought at this stage and I 
>> just don't have the time to look too far into it.
>>
>> If anyone has a good solution (preferably free) then I am open to 
>> suggestions too (much like most on this list I would assume).
>>
>> HTH
>>
>> Brian
>> ------------------------------------------------------------------------
>>
>> From: james at slor.net
>> To: blueonyx at blueonyx.it
>> Date: Wed, 9 Jan 2013 09:07:31 -0500
>> Subject: [BlueOnyx:11940] Blocking brute force SSH login attempts
>>
>> Is there a simple way in BlueOnyx to auto-block hosts that fail to 
>> login via SSH too many times?  Something similar to the Failed Logins 
>> settings for the BlueOnyx login page but for SSH?
>> thanks
>>
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at mail.blueonyx.it
>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>
I like that firewall rule G.
I block all ftp and shell access in hosts.deny and install a little php 
script I made in each user /~web when the domain is created. If valid 
users need ftp or shell access they login to their user web and the ip 
address is captured and put in hosts.allow. It tracks their ip and if it 
changes they just revisit their web dir. Then any attackers I find in 
logwatch get put in iptables.
It's a sloppy way to control access but works..
David
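
An added example, not part of David's message or any other post in this thread: a minimal version of the auto-block asked about at the start of the thread. It counts failed SSH logins per source address (including attempts against accounts that do not exist), skips addresses on an allow list in the spirit of the hosts.allow approach above, and renders /32 iptables rules for review. The log lines are constructed samples in sshd's syslog format; the threshold, window and function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format OpenSSH's sshd writes
# (addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Jan 10 03:11:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:11:04 host sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jan 10 03:11:09 host sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jan 10 03:11:15 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40140 ssh2
Jan 10 08:30:00 host sshd[3001]: Failed password for david from 198.51.100.20 port 51000 ssh2
Jan 10 08:30:09 host sshd[3001]: Accepted password for david from 198.51.100.20 port 51000 ssh2
Jan 10 09:00:00 host sshd[3301]: Failed password for root from 192.0.2.44 port 60000 ssh2
Jan 10 12:00:00 host sshd[3390]: Failed password for root from 192.0.2.44 port 60010 ssh2
"""

# Matches failures for existing and non-existing ("invalid user") accounts alike.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port")

def offenders(log_text, threshold=3, window=timedelta(minutes=10), allow=(), year=2013):
    """Sorted IPs with >= threshold failures inside one window; allow-listed IPs are skipped."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m and m.group(2) not in allow:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            times[m.group(2)].append(ts)
    hits = set()
    for ip, stamps in times.items():
        stamps.sort()
        # slide over each run of `threshold` consecutive failures
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                hits.add(ip)
                break
    return sorted(hits)

def iptables_rules(ips):
    """One DROP rule per offending /32, SSH port only; returned for review, not executed."""
    return [f"iptables -I INPUT -s {ip}/32 -p tcp --dport 22 -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in iptables_rules(offenders(SAMPLE_LOG, allow={"198.51.100.20"})):
        print(rule)
```

The time window matters: 192.0.2.44 fails twice, three hours apart, and is not flagged even with the threshold lowered to 2.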