[mythtv-users] Securing mythweb
Michael T. Dean
mtdean at thirdcontact.com
Wed Feb 10 18:01:18 UTC 2010
On 02/10/2010 10:46 AM, Mike Perkins wrote:
> Kevin Ross wrote:
>>> Once you open up port 22 on your mythtv box to the internet,
>>> it will be hit by computers trying to hack into it (check out
>>> logwatch to find out). If you leave userID logins enabled,
>>> odds are you will eventually get hacked.
>> I do allow user logins on my ssh server. I use the nifty program called
>> fail2ban. It watches for failed login attempts (on many services, not just
>> ssh) and will add a temporary iptables blacklist entry for the offending IP
>> address. After 10 minutes, it lifts the ban. It stops the script kiddies.
>> Most of the time, after the initial ban, I don't see them again. I guess
>> their script moves on to the next host in their list. If they are
>> persistent, they can only try 3-5 passwords every 10 minutes.
> Not going to work. The bad guys figured this out, oh, maybe a year
> ago. Now, each host on their botnet tries *once* each with a password
> attempt before moving on. This means that you have plenty of single,
> unique IP addresses hammering your firewall all day. It gets old real
> quick.
fwknop ftw!
(hiding your open SSH port on a different port is the obscurity approach
to security and port knocking is broken)
Mike "The fwknop diet: I lost over 2 Gigabytes of btmp when I switched
to fwknop--you can too" Dean
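The two quoted positions above (fail2ban's per-IP temporary ban versus a botnet that spends one attempt per source address) can be checked against a log. The following is an added example, not code from the thread or from the fail2ban or fwknop projects: it parses constructed sshd "Failed password" lines (RFC 5737 documentation addresses, timestamps chosen for the demonstration), applies a per-IP sliding-window ban policy with assumed parameters (maxretry=3, findtime=600 s, bantime=600 s, roughly the "3-5 passwords every 10 minutes" Kevin describes), and then counts distinct failing sources in a short window, which is the aggregate view needed to notice the one-attempt-per-host pattern Mike Perkins describes.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth.log lines (not from the original thread). The first
# host hammers repeatedly; the 198.51.100.x hosts each try exactly once.
SAMPLE_LOG = """\
Feb 10 17:00:01 mythbox sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Feb 10 17:00:03 mythbox sshd[4102]: Failed password for root from 203.0.113.5 port 51240 ssh2
Feb 10 17:00:06 mythbox sshd[4103]: Failed password for root from 203.0.113.5 port 51244 ssh2
Feb 10 17:00:09 mythbox sshd[4104]: Failed password for invalid user test from 203.0.113.5 port 51250 ssh2
Feb 10 17:00:30 mythbox sshd[4110]: Accepted publickey for kevin from 192.0.2.10 port 40000 ssh2
Feb 10 17:01:00 mythbox sshd[4120]: Failed password for root from 198.51.100.1 port 1000 ssh2
Feb 10 17:01:02 mythbox sshd[4121]: Failed password for root from 198.51.100.2 port 1000 ssh2
Feb 10 17:01:04 mythbox sshd[4122]: Failed password for root from 198.51.100.3 port 1000 ssh2
Feb 10 17:01:06 mythbox sshd[4123]: Failed password for root from 198.51.100.4 port 1000 ssh2
Feb 10 17:01:08 mythbox sshd[4124]: Failed password for root from 198.51.100.5 port 1000 ssh2
Feb 10 17:11:00 mythbox sshd[4130]: Failed password for root from 203.0.113.5 port 51300 ssh2
"""

# Matches a typical syslog-style sshd "Failed password" line (assumed format).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2010):
    """Return [(timestamp, source_ip), ...] for every failed-password line."""
    out = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and other noise are ignored
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        out.append((ts, m.group("ip")))
    return out


def simulate_fail2ban(failures, maxretry=3, findtime=600, bantime=600):
    """Per-IP sliding-window policy in the style of a fail2ban sshd jail.

    Returns (bans, blocked, passed): bans is a list of (ip, time) ban events,
    blocked counts attempts that arrived while their source was banned (in
    reality the iptables rule drops them before sshd ever logs them), and
    passed is the list of (ts, ip) attempts that actually reached sshd.
    """
    window = defaultdict(deque)  # ip -> timestamps of recent failures
    ban_until = {}               # ip -> when the temporary rule is lifted
    bans, blocked, passed = [], 0, []
    for ts, ip in failures:
        if ip in ban_until and ts < ban_until[ip]:
            blocked += 1
            continue
        passed.append((ts, ip))
        q = window[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()          # forget failures older than findtime
        if len(q) >= maxretry:
            bans.append((ip, ts))
            ban_until[ip] = ts + timedelta(seconds=bantime)
            q.clear()
    return bans, blocked, passed


def per_ip_counts(failures):
    """How many failures each source produced; one per host for a botnet."""
    return Counter(ip for _, ip in failures)


def max_distinct_sources(failures, window=60):
    """Largest number of distinct IPs failing inside any `window` seconds.

    A per-IP threshold never fires on one attempt per host; counting distinct
    failing sources over time is what makes the distributed pattern visible.
    """
    best, recent = 0, deque()
    for ts, ip in failures:
        recent.append((ts, ip))
        while (ts - recent[0][0]).total_seconds() > window:
            recent.popleft()
        best = max(best, len({p for _, p in recent}))
    return best


if __name__ == "__main__":
    fails = parse_failures(SAMPLE_LOG)
    bans, blocked, passed = simulate_fail2ban(fails)
    print("bans:", bans, "| dropped while banned:", blocked)
    print("per-IP failures that reached sshd:", dict(per_ip_counts(passed)))
    print("max distinct failing sources in 60s:", max_distinct_sources(passed))
```

Running it shows the noisy host banned after its third failure and its next attempt dropped, while each botnet host registers a single failure and is never banned; only the distinct-source count over a window climbs to five. That is the gap fwknop closes differently: with the port filtered by default, none of these attempts reaches sshd at all.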