[mythtv-users] Securing mythweb
mikep at randomtraveller.org.uk
Wed Feb 10 15:46:29 UTC 2010

Kevin Ross wrote:
>> Once you open up port 22 on your mythtv box to the internet,
>> it will be hit by computers trying to hack into it (check out
>> logwatch to find out). If you leave userID logins enabled,
>> odds are you will eventually get hacked.
> I do allow user logins on my ssh server. I use the nifty program called
> fail2ban. It watches for failed login attempts (on many services, not just
> ssh) and will add a temporary iptables blacklist entry for the offending IP
> address. After 10 minutes, it lifts the ban. It stops the script kiddies.
> Most of the time, after the initial ban, I don't see them again. I guess
> their script moves on to the next host in their list. If they are
> persistent, they can only try 3-5 passwords every 10 minutes.

Not going to work. The bad guys figured this out, oh, maybe a year ago. Now,
each host on their botnet tries *once* each with a password attempt before
moving on. This means that you have plenty of single, unique IP addresses
hammering your firewall all day. It gets old real quick.
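
The pattern discussed in this message, as an added example that is not part of the original post or of fail2ban: a per-IP failure threshold compared with a count of distinct sources in a time window, run over constructed sshd log lines. The thresholds (3 failures, 5 sources, 10 minutes), the host name and the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (documentation IP ranges, hypothetical host "myth"):
# six hosts fail once each, then one host fails four times in a row.
SAMPLE_LOG = "\n".join(
    [f"Feb 10 15:0{i}:00 myth sshd[{100 + i}]: Failed password for root "
     f"from 203.0.113.{i + 1} port 40000 ssh2" for i in range(6)]
    + [f"Feb 10 15:20:0{i} myth sshd[{200 + i}]: Failed password for invalid "
       f"user admin from 198.51.100.7 port 40000 ssh2" for i in range(4)])

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def parse(log, year=2010):
    """Return sorted (timestamp, source_ip) for each failed password line."""
    events = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:  # syslog lines carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return sorted(events)

def per_ip_bans(events, maxretry=3, window=timedelta(minutes=10)):
    """Sources a per-IP threshold would ban: maxretry failures inside window."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    return {ip for ip, t in by_ip.items()
            if any(t[i + maxretry - 1] - t[i] <= window
                   for i in range(len(t) - maxretry + 1))}

def distributed_sources(events, min_sources=5, window=timedelta(minutes=10)):
    """Sources seen in any window holding failures from >= min_sources IPs."""
    flagged, start = set(), 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        sources = {ip for _, ip in events[start:end + 1]}
        if len(sources) >= min_sources:
            flagged |= sources
    return flagged

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("per-IP rule bans:", sorted(per_ip_bans(ev)))
    print("distributed view:", sorted(distributed_sources(ev)))
```

On the constructed sample the per-IP rule bans only 198.51.100.7, while the six single-attempt sources appear only in the aggregate view.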