Line 1: |
Line 1: |
| ==Introduction== | | ==Introduction== |
| After a recent rise in the amount of SSH attacks I decided to have a look at other methods of blocking SSH attacks. | | After a recent rise in the amount of SSH attacks I decided to have a look at other methods of blocking SSH attacks. |
| + | |
| + | === AutoBlock === |
| + | [[AutoBlock]] is enabled by default on SME9 and later. By design only IP outside your local network will be blocked if too many attempts are done. |
| + | |
| + | Default values |
| + | AutoBlockTime=900 # 900 seconds (15 minutes). |
| + | AutoBlockTries=4 # meaning that 3 Tries are allowed, the fourth try is blocked. |
| + | AutoBlock=disabled # default for SME Server 8 |
| + | AutoBlock=enabled # default for SME Server 9 |
| + | However there is no whitelist, you can easily lock you out. |
| | | |
| ===DenyHosts=== | | ===DenyHosts=== |
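Review bot: The added "Default values" block lists both AutoBlock=disabled and AutoBlock=enabled as defaults, and only the trailing comments show that they belong to different releases. Suggest splitting the block per release and using one naming form throughout, since the sentence above says "SME9 and later" while the comments say "SME Server 8" and "SME Server 9". In the same hunk, "only IP outside" should be "only IPs outside", and the closing warning "However there is no whitelist, you can easily lock you out." should read "lock yourself out"; it would also help to say how that warning fits with the statement two lines earlier that only addresses outside the local network are blocked.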
Line 10: |
Line 20: |
| However, it was sending me a lot of mails. Yes, I could disable them. | | However, it was sending me a lot of mails. Yes, I could disable them. |
| | | |
− | However, it has to check the logs and find failed logins and then create a list for ssh to check against. SO it will allow at least one connection. | + | However, it has to check the logs and find failed logins and then create a list for ssh to check against. So it will allow at least one failed connection. It is, quite lightweight as it will update a simple plain text file called by /etc/hosts.deny on every ssh connection. |
| | | |
| I wanted something a bit quicker that would bulk block a lot of IPs immediately. | | I wanted something a bit quicker that would bulk block a lot of IPs immediately. |
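Review bot: The new sentence "It is, quite lightweight as it will update a simple plain text file called by /etc/hosts.deny on every ssh connection." has a stray comma after "It is", and "called by /etc/hosts.deny" leaves it unclear which file is updated and which is read at connection time. If the file being updated is /etc/hosts.deny itself, say so directly, for example "It is quite lightweight, as it only updates the plain text file /etc/hosts.deny, which is checked on every ssh connection." This paragraph and the one before it both open with "However", so the added remark about being lightweight reads as part of a second objection; consider moving it into its own paragraph.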
Line 34: |
Line 44: |
| There are some xtables RPMs floating about that work with GeoIP v1 DBs but not sure about v2 DBs. Needs investigation | | There are some xtables RPMs floating about that work with GeoIP v1 DBs but not sure about v2 DBs. Needs investigation |
| | | |
| + | 07/02/20109 - These are in the process of being imported. They will work with GeoIP2. |
| + | |
| + | smeserver-xt_geoip |
| + | xtables-addons |
| + | |
| + | They should be in smetest shortly. |
| | | |
| ===hosts.allow=== | | ===hosts.allow=== |
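Review bot: The date on the added status line, "07/02/20109", has a five-digit year, and the day/month order is ambiguous; write it in an unambiguous form such as YYYY-MM-DD. "These are in the process of being imported" has no antecedent until the package names appear two lines later, so either name smeserver-xt_geoip and xtables-addons in the sentence or put the list first. The unchanged line just above still says "Needs investigation" about v2 DBs, which the new note partly answers; consider updating or removing that sentence in the same edit so the two do not contradict each other.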
Line 164: |
Line 180: |
| | | |
| It may be worth looking at adding a specific AllowHosts section in the chain, or somewhere in masq to Allow Specific hosts, but block the rest of a country. | | It may be worth looking at adding a specific AllowHosts section in the chain, or somewhere in masq to Allow Specific hosts, but block the rest of a country. |
− |
| |
| | | |
| [[Category:SSH]] | | [[Category:SSH]] |