Server Security
I have been taking a look at three recent outages on my server in the past week and have found it to be some serious interest from a few IPs.
I then did a run through my /var/log/messages and found some attempts to log in from these same IPs to the box – then checked my mailbox and saw the same thing.
What I have done is the following:
Installed denyhosts
Installed ossec
Locked down SSH and other services a bit more
I will be looking at mod_security sometime, but that will wait a bit.
Bah twits!
Along with this, I think I have streamlined apache and mysql sufficiently now to stop using so much resource on the machines. Up to Friday I was getting load averages of about 4; since tweaking, this hasn't gone over .8 – I think I did it well enough.
Comments (3)

Which IPs? I’ve been hammered on ncane.com from a very small set of IPs from the US, and running up 50GB of traffic in a month. On 302-redirects. Not fun.
208.* ranges – 'tis not really malicious – just been worrying that I might need an upgrade – … I'm sure all servers try to get logged into – just put extra mechanisms on mine now
PS: I can't comment on any of your posts