How to change your SSH port! (Security Tutorial)
#11
That's the first thing I do when installing a new server. All those IP entries when I check the logs is amazing.
[Image: show_img.php?userid=8551&vpscount=2]
#12
This is the easiest method to stop bruteforce attacks easily, Eventhough port scan may give the hacker ports, then the root user may receive messages, along with these fail2ban may be good as well, also I don't know whether it is possible to create a honeypot to fool the port scanners.
#13
Actually, if you really want to stop bruteforces, it might even be the best option to deny every request on your SSH port and only allow TCP packets from your own IP address. Unfortunately this will come with the restriction you can't access your server from outside your main connection and you might be screwed if you have a dynamic IP and your ISP decides to give you a new lease.

In case you want to achieve above:

Code:
iptables -A INPUT -p tcp -s 1.2.3.4 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 22 -j DROP

Caution: Please don't use a different order of execution of above commands, this might lock you out of your server!

Thanks to FreeVPS and Hostigation for my VPS 18!
Also a big thanks to NoUptime.host for their great FREE VPS!
[Image: img.php?userid=20285]
#14
If you want to prevent any type of bruteforce attacks, fail2ban is also very essential into preventing that. It will ban SSH access if you fail to enter the correct authentication for the VPS after a couple of times and many of these bots will get themselves.

I did get myself locked out once, it sure wasn't fun trying to evade it. Always remember your passwords and usernames!
#15
As a warning to any users planning to change their SSH ports, I can't stress enough that you need to make sure the port you choose is (and under) 1024.

If a user attacks the SSH daemon and it crashes, chances are they know your port. They can proceed to setup a fake daemon to capture login details and eventually, if they're lucky, they can log in as the root user and make unauthorized changes.
Just wandering around, nothing more.

[Image: show_img.php?userid=12308&vpscount=2]
#16
@rpark using a high port number doesn't make your security unpenetrateable,

Various nmap scripts help you to find the SSH port even in the millions!

Take care, use key-based logins.
[Image: img.php?userid=19870&txt=1]
Thanks to FREEVPS.us and HostUS for VPS 16
Thanks to @NoUptime for the lovely VPS




Users browsing this thread: 1 Guest(s)

Switch to mobile version

Sponsors: FuzzyHosts - Ftpit - ZXPlay - GalaxyHostPlus - Verelox- HostUS - HostMada - Host4Fun - Evolution-Host - NodeBlade - HostDare


BitCoin donations: 1DQxbstaTb5SWk6QC2gFeQUTFR64JX4cEo