The Hail Mary Cloud and the Lessons Learned 99
badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."
Denyhosts (Score:5, Informative)
Re:Denyhosts (Score:5, Informative)
Another useful software for auto-banning bad accesses is fail2ban [fail2ban.org] which can also handle other services, like exim, vsftp, apache, etc.
Re:Denyhosts (Score:4, Informative)
I second that: DenyHosts is now mandatory on all the Linux servers I manage, and allows one to protect servers against that type of attacks with minimal effort.
Please note that the author did not mention Denyhosts since his servers run OpenBSD, which incorporates DenyHosts functionality through ''pf'', its packet filter/firewall software (see the brute-force configuration of pf for more details).
Executive summary (Score:5, Informative)
"I've managed to get my name on slashdot a lot"
"Use key auth instead of passwords"
"My references are my own blog posts"
There's nothing interesting to see here. Don't allow password logins to your system, because you can't trust people to use good passwords. It's 2013, there's no cake for pointing this out.
Re:Denyhosts (Score:5, Informative)
If you like DenyHosts - look at fail2ban. It has all the functionality of the older DenyHosts project and more. You can ban based on more than failed ssh logins - but any type of logfile imaginable. With customized responses to X login failures per Y time units for Z service. You'll find it in the repo's for all debian/rhel based distributions.
Some more guidance on setting up SSH (Score:2, Informative)
Here is the guide we provide to the SSH users at our University: https://it.wiki.usu.edu/ssh_description [usu.edu]
Some of the major points: