- Just a few google hacks is all it takes to return sites
Example: "intitle:index of" passwords modified
Your site shouldn't return anything for a google on "intitle:index of" and inurl:
As for sftp (ssh), be sure that your server's /etc/sshd_config is set for:
PermitRootLogin no
UsePAM no
ChallengeResponseAuthentication no
Port 62314 #example of some non-standard port
Create a publickey with ssh-keygen for passwordless login.
I spent last reviewing my logs to find that there appears to be a new 'distributed' ssh brute force attack method which will fly below 'the radar' of most intrusion detection systems.
DenyHosts is installed on my servers but this distributed brute-force technique relies on sending each successive login attempt from a different ip separated by about 30 seconds or more.
As such, DenyHosts fails to sense the attack because it doesn't see just 'one ip' failing 5 times.
Follow the above ssh configuration changes to secure your system from any brute-force attack--the only way.
Also, if you run an unmanaged site, and it runs on any Linux Distro, please install AppArmor and mod-apparmor Apache module (AppArmor is standard equipment in openSUSE 10.3 and Ubuntu 8.04).
Here's an Ars Technica article that highlights last week's ssh attacks:
http://arstechnica.com/news.ars/post/20080515-strong-passwords-no-panacea-as-ssh-brute-force-attacks-rise.html
Be safe!
- Posted by: D. T. Schmitz Posted on: 05/18/08
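The detection gap described in the post above, as an added example that is not part of the original comment: a per-IP failure count (the DenyHosts-style check) sees nothing, while counting distinct source addresses in a sliding window does. The log lines are constructed, and the 10-minute window and 8-address threshold are assumptions to tune per site.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Matches the standard OpenSSH "Failed password" syslog line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines, year=2008):
    """Yield (timestamp, user, source_ip) for each failed-password line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def per_ip_offenders(events, limit=5):
    """Per-source view: addresses with at least `limit` failures."""
    counts = Counter(ip for _, _, ip in events)
    return {ip for ip, n in counts.items() if n >= limit}

def distributed_windows(events, window=timedelta(minutes=10), min_ips=8):
    """Flag windows where many distinct addresses fail, whatever each one's count."""
    events = sorted(events)
    alerts, start = [], 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        ips = {ip for _, _, ip in events[start:end + 1]}
        if len(ips) >= min_ips:
            alerts.append((events[start][0], events[end][0], len(ips)))
    return alerts

# Constructed sample: 12 failures, each from a different address, 30 s apart.
T0 = datetime(2008, 5, 18, 3, 0, 0)
SAMPLE = [
    f"{(T0 + timedelta(seconds=30 * i)):%b %d %H:%M:%S} web1 sshd[{4000 + i}]: "
    f"Failed password for root from 203.0.113.{10 + i} port {50000 + i} ssh2"
    for i in range(12)
] + ["May 18 03:07:00 web1 sshd[4100]: Accepted publickey for admin "
     "from 198.51.100.7 port 51000 ssh2"]

if __name__ == "__main__":
    events = list(parse(SAMPLE))
    print("per-IP offenders:", per_ip_offenders(events))
    print("distributed alerts:", distributed_windows(events))
```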