
Server got hacked.. interesting security opportunity - Page 2

post #11 of 14
Quote:
Originally Posted by TrueTroop

To be honest, the port thing alone will keep you safe the overwhelming majority of the time as people aren't going to spend the time trying to figure out what random port you set the service to broadcast to, they'll just move on to the next guy who uses the default port....

That's what sniffers are for ;)

The port thing is ok against kids who don't know what they're doing. But anyone using a port sniffer will snag the port in no time. It'll still help a little though, but not that much against anyone who really wants to find a port.
Edited by Shrak - 3/25/12 at 5:42pm
post #12 of 14
Quote:
Originally Posted by TrueTroop

I have 3 different Linux servers and all I do:
1) Use fail2ban (simple to install, prevents 99.99% of bruteforce attacks)
2) Use non-default ports (*VERY IMPORTANT*)
3) Bind access to services only you use to a specific IP
To be honest, the port thing alone will keep you safe the overwhelming majority of the time as people aren't going to spend the time trying to figure out what random port you set the service to broadcast to, they'll just move on to the next guy who uses the default port....

Non-standard ports fall under "security through obscurity" - which, while a useful tool to have in your arsenal, isn't recommended as a safe security measure.

If you have public services already running (e.g. Apache) then you're automatically an enticing target for attackers and it wouldn't take them much effort to find what port you have OpenSSH listening on. The only thing non-standard ports will do would be to limit the number of opportunists / script-kiddies who go after your site, but fail2ban and sane login credentials will do the same AND provide protection against most seasoned attackers too.

The only time I would recommend non-standard ports would be to reduce the reporting (i.e. if you're getting page-long failed login reports every day, then having a non-standard port will reduce its contents)

Ironically, the kind of daemons that are more likely to get hacked will be the kind of daemons that would need to run on standard ports anyway (http->80 and smtp->25).
post #13 of 14
Thread Starter 
Just thought I would update this thread stating that my server has been hack free since implementing the advice on this thread. At least so far :)

Thanks all.
post #14 of 14
To add to all the fun, make sure that root access via ssh is turned off. You can always su or sudo to root.