How To Help Prevent SSH Attacks

    Author: 2007-09-07 15:24:08 From:

    I'm not a huge Linux expert, but I have enough knowledge to run and secure a server.

    I have around 2 years experience managing servers, mainly VPS servers. I recently purchased a VPS with VPSLink (who have been very good). I did the usual security measures - APF Firewall, locked down PHP (Reg globals, disable system commands, etc) and installed Brute force detection on the SSH server. I was getting emails of over 500 attempted password logins on my SSH!

    I was given some instructions on what to do to prevent this from happening, so I'm going to share them here to help others secure their SSH and reduce the possibility of one of these bots (or humans) accessing your server via root.

    Install Brute Force Detection (BFD)

    This nifty tool will basically detect and help prevent people and bots trying to access your server by entering a list of random passwords - it will ban and block the IPs that attempt to brute force your server.

    To install BFD you must first install the APF firewall - instructions on doing so can be found over at webhostgear dot com

    Once you have installed APF you may install BFD:

    Step 1: Log in to your server as "root"

    Step 2: Download the latest release of BFD
    wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

    Step 3: Un-tar the archive
    tar -xvzf bfd-current.tar.gz

    Step 4: Move to the newly created BFD directory
    cd bfd-0.X

    Step 5: Run the installation utility; once installed, it will give you a completion message.
    ./install.sh

    Step 6: Edit the config file
    nano /usr/local/bfd/conf.bfd
    Change this:
    ALERT_USR="0"
    To this:
    ALERT_USR="1"
    And this:
    EMAIL_USR="root"
    To this:
    EMAIL_USR="you@domain.com"

    Step 7: Now, to prevent getting locked out, it's best that you edit the ignore list. This is a list of IPs that won't be affected by the BFD system.
    nano /usr/local/bfd/ignore.hosts
    Add your IP to the list, e.g.:
    123.456.7.8

    Step 8: You can now start BFD by running the following command as root:
    /usr/local/sbin/bfd -s

    The install of BFD is now complete. Time for the next item on the security list...

    Moving SSH To A New Port

    As silly as this may sound, moving SSH is actually one of the better methods of helping to stop unauthorized access. Moving the port will give the impression that the server is either non-functional or does not have SSH set up.

    If you have APF installed, make sure to add the new port to the list of open ports before applying the below modifications - failure to do so could leave you locked out of your system.

    Step 1: Pick yourself a port number (higher 4 digit numbers are usually better as they are less likely to already be in use). E.g. 8470

    Step 2: Open the SSH config file. The current port number (22) is at the top of the file; change it to the new one:
    nano /etc/ssh/sshd_config

    Step 3: Restart the SSH server
    /etc/rc.d/init.d/sshd restart

    Step 4: Log in with the new port number!
    If using PuTTY, the port number defaults to 22; however, you can change this when entering the server IP.

    Step 5: If everything is working, you can now edit your APF config and close off port 22 as it's no longer needed!
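
The lock-out risk in the port-move steps above, as an added example that is not part of the original guide: the script refuses to change the SSH port unless the firewall already allows it, and keeps a backup of the config. The function names are hypothetical; the `IG_TCP_CPORTS` setting in APF's `conf.apf` and the 1024-65535 range check are assumptions not stated in the guide.

```shell
#!/bin/sh
# Added example, not from the original guide. All paths are arguments, so it
# can be tried on copies before touching the live files.

# Succeeds if PORT appears in APF's inbound TCP port list.
# Assumption: the list is the IG_TCP_CPORTS="22,80,..." line of conf.apf;
# only exact entries are matched.
apf_allows_port() {
    port=$1
    apf_conf=$2
    list=$(sed -n 's/^IG_TCP_CPORTS="\(.*\)".*/\1/p' "$apf_conf" | tail -n 1)
    case ",$list," in
        *",$port,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Sets a single active "Port PORT" line at the top of SSHD_CONF.
# Returns 2 for a bad port, 3 if the firewall would block it, 1 on copy error.
set_ssh_port() {
    port=$1
    sshd_conf=$2
    apf_conf=$3
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "pick a port in 1024-65535" >&2; return 2
    fi
    if ! apf_allows_port "$port" "$apf_conf"; then
        echo "port $port is not open in APF; add it there first" >&2; return 3
    fi
    # Keep the old file so the change can be rolled back.
    cp -p "$sshd_conf" "$sshd_conf.bak" || return 1
    # Drop every active Port line (commented ones stay) and write the new
    # one first, so the file ends up with exactly one Port directive.
    {
        echo "Port $port"
        grep -Ev '^[[:space:]]*Port[[:space:]]' "$sshd_conf.bak" || [ "$?" -eq 1 ]
    } > "$sshd_conf"
}

# Usage: sh this_script.sh 8470 ./sshd_config.copy ./conf.apf.copy
if [ "$#" -eq 3 ]; then
    set_ssh_port "$@"
fi
```

On the live server the paths would be /etc/ssh/sshd_config and, for a default APF install, /etc/apf/conf.apf. Running `sshd -t` before the restart in Step 3 checks that the edited file still parses.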

    I hope this mini guide will help you all... Thank you to members of VPSLink's forums for the suggestions. Thanks also to Webhostgear.com for their useful guides. For further security I recommend a visit to their site! (www.webhostgear.com)

    PLEASE NOTE:
    This guide is property of RickyMills.com and may not be placed on any other websites without permission. It takes 2 mins to ask... and I'm likely to say yes.
