Select Page

It’s common practice to only allow web server access via SSH using key authentication. While this makes it impossible to login without the key, a quick look at:

tail -n500 -f -s3 /var/log/auth.log

Showed an endless stream of dictionary attempts trying to gain root/admin access to the servers. While they would never succeed, its preferable to try and avoid a DDOS scenario.

As we run a SSHd which is available remotely , I installed DenyHosts

sudo apt-get install denyhosts

DenyHosts will block an IP after a few failed attempts.

Denyhosts need no real setup, but its advisable to add your IP’s you use to access your server to:

sudo nano /etc/hosts.allow

So you can never be locked out.

%d bloggers like this: