I’ve been dealing with a number of brute-force ssh attacks as of late and am looking for the best method of incorporating some automated process for blocking the IPs through the firewall, but want to be sure that it won’t cause problems with the Interworx Panel implementation. I’ve looked at a couple of options, but am looking for recommendations as well.
Thanks and Happy Holidays!
Phil Malmstrom philm@diamondcomputer.com
I would see what you could have done at the router/switch level. That would prevent load on your box.

Thanks,
Clint
I am working on the switch level as well, but I still want to have some protection on the server itself. The load on our servers is pretty minimal as we only host domains for our service clients so I have plenty of headroom to play with.
That’s one of the ones I looked at. I was curious to find out how the APF implementation would be affected by some of these scripts and if it would interfere with anything Interworx is doing. I know APF is just a policy set for iptables, but I’ve run into issues with other hosting panels (Ensim specifically) getting odd results when adding non-supported scripts and wanted to be sure that I wasn’t going to cause myself problems. I’ve also got Snort running for monitoring so I may try to use one of the daemons that interface with that for a more robust option.
I would see no reason not to use BFD, but if you use the other script, I would just leave port 22 open on APF, and let the script do the blocking.

Thanks,
Clint