Prevent any backends for CentOS

Discussion in 'Systems Administration' started by BotPro, May 14, 2015.

  1. I'm kind of new to CentOS and was wondering how to prevent any backends to my server.
    Is there anything that I can do to prevent my Linux server from getting hacked into?
    Please list anything that I could do to protect my server from someone else getting access to my server.
     
  2. fail2ban

    SSH keys

    don't use root

    there's loads more but can't remember them off the top of my head (on mobile right now).
     
  3. A few more options are to change the SSH port, whitelist your IP, block China, etc.
     
    #4 GGhost, May 14, 2015
    Last edited: May 14, 2015
  4. Block those China brute forcers!
     
  5. You should install swatch to monitor all unauthorised login attempts and automatically block those IPs which had, say, three failed attempts. Also, you might want to consider blocking certain countries' addresses. I have something like this on my test server:

    Code (Text):
    # Excerpt: IPTABLES_CONFIG (the rules file being built), the DROP_COUNTRY
    # chain and ACCEPT_COUNTRY_MAKE are not defined in this excerpt.

    # DROP_COUNTRY_MAKE <CC>: for every CIDR block listed for country code
    # <CC>, append a rate-limited LOG rule and a DROP rule to the rules file.
    DROP_COUNTRY_MAKE(){
        for addr in $(awk -v cc="$1" '$1 == cc {print $2}' "$IP_LIST")
        do
            echo "-A DROP_COUNTRY -s $addr -m limit --limit 1/s -j LOG --log-prefix \"[IPTABLES DENY_COUNTRY] : \"" >> "$IPTABLES_CONFIG"
            echo "-A DROP_COUNTRY -s $addr -j DROP" >> "$IPTABLES_CONFIG"
        done
        # keep a copy of the ranges that were used
        grep "^$1" "$IP_LIST" >> "$CHK_IP_LIST"
    }

    # obtain IP address list (fetched over plain HTTP, so it is unauthenticated).
    IP_LIST=/tmp/cidr.txt
    CHK_IP_LIST=/tmp/IPLIST
    if [ ! -f "$IP_LIST" ]; then
        wget -q http://nami.jp/ipv4bycc/cidr.txt.gz
        gunzip -c cidr.txt.gz > "$IP_LIST"
        rm -f cidr.txt.gz
    fi
    rm -f "$CHK_IP_LIST"

    # accept access from Japan and Australia
    ACCEPT_COUNTRY_MAKE JP
    ACCEPT_COUNTRY_MAKE AU

    # Top 5 sources of attack to Japanese police facility.
    # http://www.cyberpolice.go.jp/detect/observation.html
    DROP_COUNTRY_MAKE CN
    DROP_COUNTRY_MAKE CA
    DROP_COUNTRY_MAKE IR
    DROP_COUNTRY_MAKE NL
    DROP_COUNTRY_MAKE TW
    # send all incoming traffic through the country chain
    echo "-A INPUT -j DROP_COUNTRY" >> "$IPTABLES_CONFIG"
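
Added example, not part of any post in this thread: a shell version of the monitoring that post 5 describes, counting failed SSH password attempts per source in the sshd format of CentOS's `/var/log/secure` and emitting DROP rules for sources that reach three failures. The log lines are constructed, and the function names, the optional allow-list argument and the `DROP_BRUTE` chain name are assumptions.

```shell
#!/bin/sh
# Constructed sample in the sshd format of /var/log/secure (documentation IPs).
sample_log() {
cat <<'EOF'
May 14 10:00:01 vps sshd[2101]: Failed password for root from 203.0.113.5 port 40022 ssh2
May 14 10:00:03 vps sshd[2101]: Failed password for root from 203.0.113.5 port 40022 ssh2
May 14 10:00:04 vps sshd[2107]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
May 14 10:00:06 vps sshd[2110]: Failed password for invalid user test from 203.0.113.5 port 40310 ssh2
May 14 10:00:09 vps sshd[2113]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
May 14 10:00:12 vps sshd[2120]: Failed password for invalid user a from 10.9.8.7 from 198.51.100.7 port 51600 ssh2
EOF
}

# failed_ips [threshold] [allow_ip]: read sshd log lines on stdin and print
# "count ip" for each IPv4 source with at least <threshold> failed passwords.
# allow_ip (e.g. your own admin address) is never reported.
failed_ips() {
    awk -v min="${1:-3}" -v allow="${2:-}" '
        # The user name is client-supplied text, so match the fixed tail
        # "from <ip> port <n> ssh2" counted from the end of the line.
        / sshd\[[0-9]+\]: Failed password for / &&
        $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $(NF-3) != allow {
            hits[$(NF-3)]++
        }
        END { for (ip in hits) if (hits[ip] >= min + 0) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# block_rules: turn "count ip" lines into iptables-restore DROP rules.
# DROP_BRUTE is a hypothetical chain name, not one from the thread.
block_rules() {
    while read -r _count ip; do
        printf '%s\n' "-A DROP_BRUTE -s $ip -j DROP"
    done
}

# Demo on the constructed sample, using the "three failed attempts" threshold.
sample_log | failed_ips 3 | block_rules
```

On a real host the input would be `/var/log/secure` instead of `sample_log`; IPv6 sources are skipped by the address check.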
     
  6. Ok thanks guys. I'll try to learn how to do this on my test vps.
     
  7. If you are using SSH keys, there's no need for fail2ban, changing the SSH port or blocking some countries.
     
  8. Just out of curiosity, why block some countries' IPs?
     
  9. China likes to brute force... dedis. Also, like, no China people are actual Minecraft players. So block them, same with Russia and North Korea. They will likely brute force.
     
  10. Disable root logins, have a username that is sort of random, i.e. jki789123. As well as that, having a strong password with a variation of special characters and lower case and upper case as well as numbers is a good idea. If you really want to, you could also change the SSH port. Also, don't keep any ports open that you don't need open.
     
  11. Can't they just use a VPN to try and log on anyway? By the way, thanks, will do.
     
  12. Paying $25 for someone to guide me to do whatever is needed for protection for my dedicated server, and teach me the basics of Linux etc...

    Private message me on here to get more info.
     
  13. SSH keys are much more secure than even random passwords.
     
  14. Why would anyone who has internet in North Korea brute force you?
     
  15. Not anyone, but they don't even speak English. First of all they won't help your server, second of all North Korea hackers like to brute force.