[mythtv-users] Securing mythweb
Mike Perkins
mikep at randomtraveller.org.uk
Wed Feb 10 15:46:29 UTC 2010
Kevin Ross wrote:
>> Once you open up port 22 on your mythtv box to the internet,
>> it will be hit by computers trying to hack into it (check out
>> logwatch to find out). If you leave userID logins enabled,
>> odds are you will eventually get hacked.
>
> I do allow user logins on my ssh server. I use the nifty program called
> fail2ban. It watches for failed login attempts (on many services, not just
> ssh) and will add a temporary iptables blacklist entry for the offending IP
> address. After 10 minutes, it lifts the ban. It stops the script kiddies.
> Most of the time, after the initial ban, I don't see them again. I guess
> their script moves on to the next host in their list. If they are
> persistent, they can only try 3-5 passwords every 10 minutes.
>
Not going to work. The bad guys figured this out, oh, maybe a year ago. Now,
each host on their botnet tries *once* each with a password attempt before
moving on. This means that you have plenty of single, unique IP addresses
hammering your firewall all day. It gets old real quick.
--
Mike Perkins
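The two positions above (per-IP banning versus one-try-per-host botnets) are easy to see in a log. The following is an added example, not code from the mailing list and not fail2ban's own code: a small fail2ban-style counter run over constructed sshd log lines. The log lines, hostnames and addresses are constructed for this illustration, and the threshold values (maxretry=3, findtime=600 seconds) are assumptions modelled on the "3-5 passwords every 10 minutes" mentioned in the thread, not taken from any real configuration.

```python
"""
Added example: a fail2ban-style per-IP failure counter run over constructed
sshd log lines. It shows that the per-IP rule bans one host that keeps
retrying, but never fires when the same number of guesses is spread over
many hosts at one attempt each, which is the pattern Mike describes.
All log lines, addresses and thresholds below are constructed/assumed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Matches the usual OpenSSH "Failed password" auth-log line (syslog prefix assumed).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} \d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

def parse_failures(lines, year=2010):
    """Yield (timestamp, ip, user) for each 'Failed password' line; ignore everything else."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]

def banned_ips(lines, maxretry=3, findtime=600):
    """fail2ban-style rule (assumed values): ban an IP once it has at least
    maxretry failures within a sliding window of findtime seconds."""
    recent = defaultdict(list)   # ip -> failure timestamps still inside the window
    banned = set()
    for ts, ip, _ in parse_failures(lines):
        window = [t for t in recent[ip] if (ts - t).total_seconds() <= findtime]
        window.append(ts)
        recent[ip] = window
        if len(window) >= maxretry:
            banned.add(ip)
    return banned

def total_failures(lines):
    """Aggregate count of failed password attempts, regardless of source IP."""
    return sum(1 for _ in parse_failures(lines))

def unique_sources(lines):
    """Number of distinct IPs that produced at least one failure."""
    return len({ip for _, ip, _ in parse_failures(lines)})

# Constructed sample 1: a single host retrying passwords (the script-kiddie case).
SINGLE_HOST = [
    "Feb 10 15:01:02 mythbox sshd[2031]: Failed password for root from 10.0.0.5 port 51022 ssh2",
    "Feb 10 15:01:09 mythbox sshd[2033]: Failed password for root from 10.0.0.5 port 51030 ssh2",
    "Feb 10 15:01:15 mythbox sshd[2035]: Failed password for invalid user admin from 10.0.0.5 port 51041 ssh2",
    "Feb 10 15:01:20 mythbox sshd[2037]: Accepted publickey for mythtv from 192.168.1.20 port 40010 ssh2",
    "Feb 10 15:01:22 mythbox sshd[2039]: Failed password for invalid user test from 10.0.0.5 port 51050 ssh2",
]

# Constructed sample 2: a botnet where each host tries exactly once and moves on.
BOTNET = [
    f"Feb 10 15:{10 + i:02d}:00 mythbox sshd[{3000 + i}]: "
    f"Failed password for root from 198.51.100.{i} port 4{i:04d} ssh2"
    for i in range(1, 7)
]

if __name__ == "__main__":
    for name, lines in (("single host", SINGLE_HOST), ("botnet", BOTNET)):
        print(f"{name}: {total_failures(lines)} failures from "
              f"{unique_sources(lines)} IP(s), banned: {sorted(banned_ips(lines))}")
```

The single host crosses the assumed per-IP threshold on its third try and is banned; the botnet sample produces more failures in total, yet no IP ever reaches the threshold, so the per-IP rule never fires. That aggregate count of failures from many distinct IPs is what the "plenty of single, unique IP addresses" in the message looks like in the log.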