IPtables, how secure is too secure?

  1. #1

    IPtables, how secure is too secure?

    Hi everyone. I have been a lurker on the forums here getting some useful information for different projects that I have been currently working on.

    I set up a CentOS 5 box at my house, on which I am starting to learn how to configure things, secure, get Apache running, FTP server, ssh, etc. One of these was to make sure I secure the server from unwanted intruders.

    Since I have apache and VSFTPD running with secure username and password, along with root password, I wanted to check on my access and error logs to see who was attempting to get into these services. There is no domain name set for this IP address yet so it would all be based on IP scanning.

    Anyways, I wrote a bash script to email me the httpd access and error logs every day so I can see the traffic. I started noticing people trying to look for the "easy" hacks. When I wrote my IPtables script, I created a DENY_HOSTS variable that I can add IPs to so I can explicitly block traffic from particular people.

    I started adding these unauthorized attempts to my DENY_HOSTS variable one by one. The problem I am running into is this is not scalable as I cannot keep adding IP addresses to this script to block traffic.

    So my question is, how concerned do I need to be about these unauthorized attempts? I don't have anything running on the apache server right now, just the default webpage that apache loads. Also vsftpd is locked down to an unprivileged system user account and you cannot get out of their home directory.

    Thanks
    -Josh

  2. #2
    peter (Administrator Advisor), Join Date: Apr 2004, Posts: 882

    I wouldn't be too worried about it as long as you keep your packages constantly up to date to protect against security flaws. This webserver has been graciously spared due to this strategy. Use unguessable passwords and also back up frequently so that you can recover data if you ever get hacked.

    I use IP address blocking sparingly, and only for IP addresses that are causing the site to slow down dramatically. Many ISPs hide many users behind single IP addresses, so you always run the risk of blocking legitimate users of your site.


  3. #3
    beezlebubsbum (Advisor), Join Date: May 2004, Location: Australia, Posts: 735

    I agree with Peter. I too run my own web server (though not with a site as nice as this) and have been lucky in the fact that I haven't been hacked. I install all OS and software updates twice a week, and actually use anti-virus software on the machine (avast for Linux). Apt-get upgrade is so easy and handy.

    My Server Specs: AMD Athlon X2 3800+, 2gb DDR2 RAM, 1.5TB HDD, Ubuntu 9.10
    My Gaming PC: Intel Core 2 Duo 2.93ghz, 4gb DDR2 RAM, 9800GTX+

  4. #4
    Quote, originally posted by beezlebubsbum:
        I agree with Peter. I too run my own web server (though not with a site as nice as this) and have been lucky in the fact that I haven't been hacked. I install all OS and software updates twice a week, and actually use anti-virus software on the machine (avast for Linux). Apt-get upgrade is so easy and handy.

    Thanks for the feedback guys. I guess I will stop adding IP addresses to my deny_host variable.

    Could I just use yum update (package name) to keep updated as well? The server is strictly CLI, I did not install kde, gnome, or X.

    thanks again for the info.

    I am working on getting a mythtv box setup ATM. I will probably be posting for help with this later.

    -josh

  5. #5
    beezlebubsbum (Advisor), Join Date: May 2004, Location: Australia, Posts: 735

    I suppose yum is basically the same as apt-get, just distro specific.

  6. #6
    Newbie, Join Date: Aug 2008, Location: Maryland, Posts: 3

    I don't have the book here in front of me, but there are some iptables tricks to limit the number of attempts of certain activities. If I remember, you can configure it to wait for N attempts, in M seconds/minutes/hours, and then DENY/DROP for X seconds/minutes/hours or permanently. This is used to stop port scans and brute force attempts against certain ports (e.g., ssh).
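
The "N attempts in M seconds, then DROP" behaviour described in post #6 matches what the iptables `recent` match does. The script below is an added example, not part of the original thread or anyone's posted script; the function name `rate_limit_rules`, the list name `ssh_limit`, port 22 and the 3-attempts-per-60-seconds threshold are assumed values.

```shell
#!/bin/sh
# Added example: print iptables rules that rate-limit NEW connections per source IP.
# Usage: rate_limit_rules PORT MAX_ATTEMPTS WINDOW_SECONDS [LIST_NAME]
rate_limit_rules() {
    port=$1; attempts=$2; window=$3; name=${4:-ratelimit_$1}

    # Accept only plain positive integers (no sign, no leading zero).
    for v in "$port" "$attempts" "$window"; do
        case $v in
            ''|*[!0-9]*|0*) echo "invalid number: '$v'" >&2; return 1 ;;
        esac
    done
    [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }

    # The DROP rule fires on attempt N+1. The recent module remembers only
    # 20 packets per address by default (ip_pkt_list_tot), so N+1 must be <= 20.
    hitcount=$((attempts + 1))
    [ "$hitcount" -le 20 ] || { echo "max attempts must be <= 19" >&2; return 1; }

    match="-p tcp --dport $port -m state --state NEW -m recent --name $name"

    # 1. Record the source address of every new connection (no target, so
    #    the packet continues to the next rule).
    echo "iptables -A INPUT $match --set"
    # 2. Drop once the source has reached the hit count inside the window.
    #    --update also refreshes the timestamp on each blocked attempt, so the
    #    source stays blocked until its attempts age out of the window.
    echo "iptables -A INPUT $match --update --seconds $window --hitcount $hitcount -j DROP"
    # 3. Anything still here is under the limit: let it through.
    echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
}

# Dry run by default: print the rules. Run as root with APPLY=1 to load them.
rate_limit_rules 22 3 60 ssh_limit | while read -r rule; do
    if [ "${APPLY:-0}" = 1 ]; then
        $rule
    else
        echo "$rule"
    fi
done
```

These rules only take effect if they sit ahead of any existing rule that already accepts the port, and sources behind a shared address count against one limit.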
