Security for your Linux SSH using iptables

A few months ago I one of the servers I was looking after got compromised. Basically some script kiddie with too much CPU power on his (her) hands succeeded in a brute-force attack logging into the ssh server. 

Of course now I'm using much longer, harder to crack passwords...

But the other new weapon in my arsenal is a very short script (basically just two lines) - to use this script save it as /etc/init.d/ssh-limit and then run 'update-rc.d -f ssh-limit defaults'. If your external interface is not eth0 then you'll have to adjust the ...


Robust subversion sync via cron

I usually deploy my projects using subversion. This means that on a given server I'll do an initial checkout, typically of the live branch. Then I'm setting up a cron job that on regular intervals polls the distribution server and checks if there are any new versions available. If they are then the scripts syncs to the new revision(s) and performs any additional optional operations (e.g. doing a 'touch' for WSGI reload etc).

One of the problems I ran into was then whenever I submitted a change on the dev branch the sync script would consider ...