A few months ago I one of the servers I was looking after got compromised. Basically some script kiddie with too much CPU power on his (her) hands succeeded in a brute-force attack logging into the ssh server.
Of course now I'm using much longer, harder to crack passwords...
But the other new weapon in my arsenal is a very short script (basically just two lines) - to use this script save it as /etc/init.d/ssh-limit and then run 'update-rc.d -f ssh-limit defaults'. If your external interface is not eth0 then you'll have to adjust the script accordingly.
The script limits the number of connection attempts to port 22 (ssh) for any given IP to 4 attempts per minute - effectively increasing the time it takes to brute-force a password 100-fold (or even more). At that stage an attacker usually looks for an easier target...
ssh-limit (368 bytes)
Comments