Having fun with your own Linux server but don’t really know what you’re doing? At the very least, install fail2ban. There are many other things you should do, but start with that.

Here’s why. The Internet is a sea of evil bundles of data originating almost exclusively from China trying to hack your server to do bad things with it. One trick is to guess or brute force your root password, trying over and over until it gets lucky. Just last month I had 8678 incidents of that, almost 300 a day, 11 an hour.

This Fail2ban thing is simple yet beautiful – when it spots an IP trying to guess more than a handful of passwords, it pops that IP into your firewall, meaning it locks them out. You could also just ban all IP ranges belonging to China and Russia, but that’s a little tricky, so start with Fail2ban.

Look at what I’m talking about, I’m getting hacked by a Windows Mobile phone:

On Redhat/CentOS, yum install fail2ban; on Ubuntu, apt-get install fail2ban, same on Debian, and I’m going to take a wild guess that you’re not running OpenBSD and don’t need instructions from me.

Doug Simmons G+

1 COMMENT

Comments are closed.