New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Limiting the IPs that can access your VNC port to your own IPs using a firewall is probably one of the easiest methods to secure your VNC.
I have a dynamic IP, damn my ISP.
SSH port forwarding, VPN...
Change ssh port to something random and disable root login. Then open ssh and whatever has to be open. Tunnel everything else through ssh that you need. That includes ssh and whatever else.
Nvm, my friend told me to set the blacklist timeout to zero, somehow it worked...
vnc4server :1 -blacklisttimeout 0
Thx all.
Seems a little bit difficult to me, but thanks anyway.
Try installing fail2ban.
Misleading title. I thought VNC had so many security issues. -_-
Lol sorry, I'm new around here. And obviously I'm bad at English...
Of course it did, now you’re going to be far easier to brute force. Great solution :-).
From xvnc manual:
and
So by setting this limit to zero, you are basically disabling the blacklist feature.
Hmmm, any ideas for a better way? Maybe a guide so I can learn?
Get a VPN or proxy. Get one preferably with a static IP. For VPNs you can connect to certain nodes to get the same IP over and over again. Whitelist that IP.
Or wanna get really stealthy?
Implement port knocking. Essentially, you select 3 ports to be "knocked" in a sequence within a certain time frame. This will prompt the knocking program on your server to create a firewall rule to allow connections from your IP to a specific port. After you're finished, you "knock" 3 other different ports in a sequence within a certain time frame. This will trigger your knocking program on your server to delete the previous firewall rule.
Here is an article: https://blog.rapid7.com/2017/10/04/how-to-secure-ssh-server-using-port-knocking-on-ubuntu-linux/
This essentially makes your ports invisible. This is usually used for SSH. To do this within a browser, you can use JavaScript to initiate the port knockings to open and close the ports.
Hope this helped
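The open and close knock sequences described in the post above, modelled as an added example (not code from the thread or the linked article). The port numbers, the 10-second window and the sample events are constructed assumptions, and the ALLOW/REVOKE strings stand in for the firewall rule a real knock daemon would add or delete.

```python
# Added example: server-side knock tracking. All ports, timings and events are constructed.
OPEN_SEQ = (7000, 8000, 9000)    # knock order that adds the allow rule
CLOSE_SEQ = (9000, 8000, 7000)   # knock order that removes it
WINDOW = 10.0                    # seconds allowed for one full sequence
VNC_PORT = 5901                  # VNC display :1 listens on TCP 5901


class KnockTracker:
    def __init__(self):
        self.progress = {}    # (src_ip, sequence) -> (knocks matched, time of first knock)
        self.allowed = set()  # source IPs that currently have an allow rule

    def _advance(self, ip, seq, port, now):
        idx, start = self.progress.get((ip, seq), (0, now))
        if idx and now - start > WINDOW:
            idx = 0                  # took too long: start over
        if port != seq[idx]:
            idx = 0                  # wrong port: reset, then re-check as a first knock
        if port == seq[idx]:
            start = now if idx == 0 else start
            idx += 1
        if idx == len(seq):
            self.progress.pop((ip, seq), None)
            return True
        self.progress[(ip, seq)] = (idx, start)
        return False

    def knock(self, ip, port, now):
        """Feed one knock; return the firewall action it triggers, or None."""
        opened = self._advance(ip, OPEN_SEQ, port, now)
        closed = self._advance(ip, CLOSE_SEQ, port, now)
        if opened and ip not in self.allowed:
            self.allowed.add(ip)
            return f"ALLOW {ip} -> tcp/{VNC_PORT}"
        if closed and ip in self.allowed:
            self.allowed.discard(ip)
            return f"REVOKE {ip} -> tcp/{VNC_PORT}"
        return None

def replay(events):
    tracker = KnockTracker()
    actions = [(t, a) for t, ip, port in events if (a := tracker.knock(ip, port, t))]
    return actions, tracker.allowed

EVENTS = [  # constructed samples: (seconds, source IP, knocked port)
    (0, "198.51.100.7", 7000), (1, "198.51.100.7", 8000), (2, "198.51.100.7", 9000),   # valid open
    (3, "203.0.113.9", 7000), (4, "203.0.113.9", 9000), (5, "203.0.113.9", 8000),      # wrong order
    (20, "203.0.113.9", 7000), (25, "203.0.113.9", 8000), (31, "203.0.113.9", 9000),   # too slow
    (60, "198.51.100.7", 9000), (61, "198.51.100.7", 8000), (62, "198.51.100.7", 7000)]  # valid close
```

State is kept per source IP, so the out-of-order and too-slow knocks from the second address never produce a rule, while the first address gets its rule added at the third knock and removed again by the reverse sequence.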