New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@mksh
Even worse. He lacks even the basic understanding of the involved phases. Whatever; anyone offering a "funny image" as "argument" is just capitulating.
@others/@all
One must differentiate. Low-level script-driven attacks are virtually always targeting a large number of hosts, typically whole slash-whatever (e.g. /24) networks, and looking for relatively standardized things like ssh, a certain version (or older than) of, say, Apache, etc. There the effort vs. gain ratio simply does not allow for more sophisticated tests.
Those more sophisticated tests are typically made in a rather different scenario in which quite few hosts, often even just a single one, are examined. The interest there, however, is rarely to spot the ssh port and to try clumsy auth attacks, but rather to, say, run a protocol trace to gain more and deeper information.
Seriously, just use V6. My /48 gets 0 failed SSH logins per hour compared to the IPv4 address on my Bird server that gets at least 45K/hr.
@doghouch Better yet, just uninstall SSH server.
IPMI over serial interface through kermit via dialup
I think that prevents the OP from accessing it too
He said Debian 8 tho.. just setup getty!
He might as well delete his SSH config and restart his server.
Wow, team switch port and team extra port. You have started to convince me to do the same. Now what is the advantage of keeping port 22 and having a backup random port available?
@all
Lookit the scrub who can't whistle DTMF
Just use Arch on production servers and that'll do the trick too.
Are they systemd by default, too?
Arch is systemd last I checked. Gentoo is OpenRC I believe.
Can't remember. I've pretty much given in and just use systemd.
I use Gentoo and was dragged into systemd quite some time ago. I think it should be fairly painless to switch back to OpenRC, though -- well, as painless as anything can be in Gentoo....
But it helps to keep away those bruteforcing Chinese bots 'cause they normally attack just common ports.
Maybe a bit of an overkill, script-wise, but I suggest using Ansible, Puppet, Chef or another sysadmin automation tool.
Use existing playbooks (Ansible) and build and tweak your own scripts galore! Automate anything! Why limit automation to server's security setup alone?
A bit of a learning curve, to be sure, but it does take you to an entirely new level of control.
Disclaimer: sorry, control freak here!