Huge increase in brute force attacks?
- Thread starter Francisco
- Start date
-
- Tags
- attack bruteforce pony
DomainBop
Dormant VPSB Pathogen
Depending on the server, any or all of these:
1. change SSH ports
2. private key authentication only, disable password authentication
3. fail2ban
4. allowed list of users that can access SSH
5. restrict IPs that can access SSH (setup a VPN and only allow access to the SSH port through the VPN IPs)
6. hashlimit rules
7. dirty networks full of brute forcers, comment spammers, and other attackers are blocked in firewalls
AS36352 ColoCrossing
AS55286 B2Net Solutions (ServerMania)
AS46573 Global Frag
AS8100, AS62639, AS29761 Quadranet
AS46844 Sharktech
AS29073 Ecatel/Quasi Networks/ Novogara LTD
8. other firewall blocks of IPs used by brute forcers, attackers, and spammers:
http://www.spamhaus.org/drop/drop.lasso
http://www.spamhaus.org/drop/edrop.lasso
http://www.dshield.org/block.txt
http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
http://www.cymru.com/Documents/bogon-bn-agg.txt
http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
https://www.openbl.org/lists/base_30days.txt
http://www.autoshun.org/files/shunlist.csv
https://www.maxmind.com/en/anonymous_proxies
http://www.stopforumspam.com/downloads/listed_ip_1.zip
9. You could also setup port knocking but it makes logins a pain in the ass so not recommended unless you're a sadist
Last edited by a moderator:
drmike
100% Tier-1 Gogent
Issue @DomainBop is all of the above is really suited to single end user, but on baremetal in provider environment probably all of those approaches = suicide.
With flows of these attacks / attempts the overhead on say iptables / ipset would really run up quickly. I saw something like 900MB of SSH attempts in under a minute.
With flows of these attacks / attempts the overhead on say iptables / ipset would really run up quickly. I saw something like 900MB of SSH attempts in under a minute.
Last edited by a moderator: