So, I decided to block these brute-force activities with these simple steps:
- Modify /etc/ssh/sshd_config
This step ensures that the root account cannot log in to your SSH service.
As root, open the /etc/ssh/sshd_config file and find PermitRootLogin. Make sure the PermitRootLogin option is set to no, like this:
PermitRootLogin no
- Add simple iptables entries
The last step is to add simple iptables entries to prevent brute-force activities.
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j LOG --log-prefix "SSH brute force "
-A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
(Taken from: rudd-o.com)
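
A quick way to confirm that both steps actually took effect, as an added example that is not part of the original post: the first function reports the PermitRootLogin value sshd would use from the global section of a config file, and the second checks that the rate-limit rules are not shadowed by an earlier ACCEPT for port 22. The function names and sample inputs are constructed for illustration, and Include files in sshd_config are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): offline checks for both steps.

# Print the effective global PermitRootLogin value of an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and anything after a Match line is conditional.
effective_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }                       # strip leading whitespace
        /^#/ || /^$/ { next }                        # skip comments and blanks
        { line = $0; sub(/[ \t]*=[ \t]*/, " ", line) # allow "Keyword=value"
          n = split(line, f, /[ \t]+/); key = tolower(f[1]) }
        key == "match" { exit }                      # global section ends here
        key == "permitrootlogin" && n >= 2 { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }            # sshd built-in default applies
    ' "$1"
}

# Given iptables-save style rules, succeed only if the --set rule comes first,
# the --update REJECT follows it, and no ACCEPT for port 22 precedes them.
# iptables is first-match: an earlier ACCEPT turns the limiter into dead rules.
ssh_limit_is_live() {
    awk '
        /--dport 22 / && /--set/                   { if (!setln) setln = NR }
        /--dport 22 / && /--update/ && /-j REJECT/ { if (!limln) limln = NR }
        /--dport 22 / && /-j ACCEPT/               { if (!accln) accln = NR }
        END { exit !(setln && limln && setln < limln && (!accln || limln < accln)) }
    ' "$1"
}

# Constructed sample inputs, for demonstration only.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'permitrootlogin no' 'PermitRootLogin yes' > "$tmp/sshd_config"
printf '%s\n' \
  '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
  '-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource' \
  '-A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset' \
  > "$tmp/rules"
echo "PermitRootLogin: $(effective_root_login "$tmp/sshd_config")"
ssh_limit_is_live "$tmp/rules" || echo "SSH rate limit is shadowed or incomplete"
```

On a live host, feed the second function the output of iptables-save, and use sshd -T for the authoritative effective configuration.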
