30 April 2008

From Organic Design wiki
Revision as of 23:14, 30 April 2008 by Nad (talk | contribs) (A real robot called CrackBot)
Warning.svg This is a blog item that needs to be converted to the new Bliki format


Crackbot Alert!

After reading this Analyzing Malicious SSH Login Attempts article I decided to do some checking of our own logs (on Debian /var/log/auth.log is the one showing SSH login information), and there are many bots attempting to access our server via SSH just as there were on the Honeypot discussed in the article. In fact we've had around two thousand login attempts per day for at least the last few months! It looks like we've not had any successful attempts thanks to being strict with strong passwords, but the article suggests some simple things which will prevent most attacks from succeeding.

  • Always use strong passwords, don't assume that a normal word with a bit of leet in it is going to fool the crackbots!
  • Changing your SSH port to something other than 22 will put most bots off the scent since their resource is best spent trying logins on known SSH connections rather than port-scanning for others on non-standard ports.
  • Ensure you have root login disabled as that is the most common account attempted by the crackbots
  • Disable access from all but users who really require it rather than the default which is to allow all users to shell in.

In addition to these things I also brought our server OS and software up to date which hadn't been done in quite a while, so many new security patches will have been applied during that process.