[mythtv-users] Securing mythweb

Michael T. Dean mtdean at thirdcontact.com
Wed Feb 10 18:01:18 UTC 2010


On 02/10/2010 10:46 AM, Mike Perkins wrote:
> Kevin Ross wrote:
>>> Once you open up port 22 on your mythtv box to the internet,
>>> it will be hit by computers trying to hack into it (check out
>>> logwatch to find out).  If you leave userID logins enabled,
>>> odds are you will eventually get hacked.
>> I do allow user logins on my ssh server.  I use the nifty program called
>> fail2ban.  It watches for failed login attempts (on many services, not just
>> ssh) and will add a temporary iptables blacklist entry for the offending IP
>> address.  After 10 minutes, it lifts the ban.  It stops the script kiddies.
>> Most of the time, after the initial ban, I don't see them again.  I guess
>> their script moves on to the next host in their list.  If they are
>> persistent, they can only try 3-5 passwords every 10 minutes.
> Not going to work. The bad guys figured this out, oh, maybe a year 
> ago. Now, each host on their botnet tries *once* each with a password 
> attempt before moving on. This means that you have plenty of single, 
> unique IP addresses hammering your firewall all day. It gets old real 
> quick.

fwknop ftw!

(hiding your open SSH port on a different port is the obscurity approach 
to security and port knocking is broken)

Mike "The fwknop diet:  I lost over 2 Gigabytes of btmp when I switched 
to fwknop--you can too" Dean
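A defender's illustration of the two patterns argued over above, as an added example (not code from this thread, nor from fail2ban or fwknop): a fail2ban-style per-IP threshold catches the host that retries, while the one-attempt-per-botnet-host pattern Mike Perkins describes only becomes visible when failures are counted across distinct sources. The sshd log lines, hostname and addresses are constructed; the thresholds (3 retries, 5 sources, 10 minutes) are assumptions chosen to mirror the figures in the thread.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (syslog format), not taken from the thread.
SAMPLE_LOG = """\
Feb 10 10:00:01 myth sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 4312 ssh2
Feb 10 10:00:05 myth sshd[2103]: Failed password for root from 198.51.100.7 port 4320 ssh2
Feb 10 10:00:09 myth sshd[2105]: Failed password for invalid user test from 198.51.100.7 port 4331 ssh2
Feb 10 10:01:00 myth sshd[2110]: Failed password for root from 203.0.113.1 port 5001 ssh2
Feb 10 10:01:30 myth sshd[2112]: Failed password for root from 203.0.113.2 port 5002 ssh2
Feb 10 10:02:00 myth sshd[2114]: Failed password for invalid user oracle from 203.0.113.3 port 5003 ssh2
Feb 10 10:02:30 myth sshd[2116]: Failed password for root from 203.0.113.4 port 5004 ssh2
Feb 10 10:03:00 myth sshd[2118]: Failed password for root from 203.0.113.5 port 5005 ssh2
Feb 10 10:03:30 myth sshd[2120]: Accepted publickey for kevin from 192.0.2.10 port 6000 ssh2
"""

FAILED_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                       r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port")

def parse_failures(text, year=2010):
    """Return (timestamp, source_ip) for every failed-password line; syslog has no year."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append((datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]))
    return events

def per_ip_bans(events, maxretry=3, findtime=timedelta(minutes=10)):
    """fail2ban-style rule: ban a source with >= maxretry failures inside findtime.
    A botnet that tries once per host never crosses this threshold."""
    recent, banned = defaultdict(list), set()
    for ts, ip in events:
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            banned.add(ip)
    return banned

def distributed_sources(events, maxretry=3, threshold=5, findtime=timedelta(minutes=10)):
    """Aggregate rule: sources that each stayed under maxretry but together
    produced >= threshold failures inside one findtime window."""
    hits = Counter(ip for _, ip in events)
    quiet = [(ts, ip) for ts, ip in events if hits[ip] < maxretry]
    best = set()
    for i, (start, _) in enumerate(quiet):
        ips = {ip for ts, ip in quiet[i:] if ts - start <= findtime}
        if len(ips) >= threshold and len(ips) > len(best):
            best = ips
    return best
```

Run against the sample, `per_ip_bans` returns only the retrying host while `distributed_sources` returns the five single-attempt addresses that the per-IP rule lets through.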

