| Linode Forum https://forum.linode.com/ |
|
| Security and the newb https://forum.linode.com/viewtopic.php?f=19&t=5785 |
Page 2 of 2 |
| Author: | Ævar Arnfjörð Bjarmason [ Thu Jul 08, 2010 7:06 pm ] |
vonskippy wrote: I'm doomed. :roll:
Way to miss the point dude. I'm not saying that moving the ssh port is harmful. But that it's the sort of meaningless security measure you should steer newbies who wish to secure their systems away from, and instead suggest things that will actually increase their security. |
|
| Author: | Stever [ Thu Jul 08, 2010 8:33 pm ] |
Ævar Arnfjörð Bjarmason wrote: vonskippy wrote: I'm doomed. Way to miss the point dude.
But you have to admit, he really is doomed |
|
| Author: | jebblue [ Thu Jul 08, 2010 9:57 pm ] |
I'm also with vonskippy. Reducing log clutter and reducing bandwidth usage are two good reasons I can think of to keep SSH off port 22. It's a pain to type -p nnn but not that bad. I've had zero connection issues and I've been doing it since 2004. |
|
| Author: | melon [ Fri Jul 09, 2010 3:13 am ] |
Ævar Arnfjörð Bjarmason wrote: Way to miss the point dude. I'm not saying that moving the ssh port is harmful. But that it's the sort of meaningless security measure you should steer newbies who wish to secure their systems away from, and instead suggest things that will actually increase their security.
I agree with your point that newbies have to understand that moving ssh ports is not really for securing a system but to ease up administration (reducing log clutter, bandwidth, peace of mind, etc.). OTOH I have never had any connection issues to non-standard ssh ports yet. Also, I use ~/.ssh/config to avoid typing -p ## all the time (and of course many more options in there). |
|
| Author: | FLindblom [ Fri Jul 09, 2010 4:03 am ] |
Thanks for all the replies! Very much appreciated!
I turned off passwords and moved to public key authorization. I found that the LAMP server had suhosin already after all, saved me some time. Activated the limit function in UFW to ban IPs with multiple failed logins. Installed logwatch, it seems to do reports via e-mail so I guess I need to open holes in the firewall for that... Would allow smtp be enough?
I still couldn't get ssh to work over a custom port but it may have something to do with the firewall on my local machine, I'll investigate it further but if I understand correctly then when using key authorization it may not be that urgent.
vonskippy wrote: How are you running phpmyadmin? It's a very popular (and successful) attack vector.
Not really sure what you mean by "how" I run it? I have since (based on jlevandowski's suggestion, thanks!) changed it to run over HTTPS. I also put all of it behind an .htaccess password, I figured that you'd have to crack that password before you can see that the server is running phpmyadmin at all. Famous last words, I know, but at least it's not immediately obvious to the casual observer. |
|
| Author: | obs [ Fri Jul 09, 2010 4:10 am ] |
My personal preference for running phpmyadmin is restricting it to the local host then connecting via an ssh tunnel. |
|
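The two suggestions above (melon's ~/.ssh/config entry and obs's tunnel to a localhost-only phpMyAdmin) can be combined in one client-side host entry. This is an added example, not posted by anyone in the thread; the alias, address, port numbers, user name, key path and the /phpmyadmin/ URL path are assumed placeholders, and it assumes the web server only answers phpMyAdmin requests that arrive from 127.0.0.1.

```sshconfig
# ~/.ssh/config on the workstation (constructed example, placeholder values)

Host mylinode
    # Documentation-range address; replace with the server's real address.
    HostName 203.0.113.10

    # sshd listens on a non-standard port, so this line replaces "-p 2222"
    # on every ssh, scp and sftp invocation that uses the alias.
    Port 2222
    User admin

    # Key-only login from the client side: offer exactly this key and
    # never fall back to a password prompt.
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    PasswordAuthentication no

    # Tunnel: connections to 127.0.0.1:8080 on the workstation are carried
    # over SSH and delivered to 127.0.0.1:80 on the server. The web server
    # sees the request coming from its own loopback address, so phpMyAdmin
    # can stay unreachable from the public interface.
    # Binding to 127.0.0.1 keeps other machines on the local network from
    # using the forwarded port.
    LocalForward 127.0.0.1:8080 127.0.0.1:80

    # Abort instead of silently continuing if port 8080 is already taken,
    # so a missing tunnel is noticed immediately.
    ExitOnForwardFailure yes
```

With this entry, `ssh -N mylinode` opens the tunnel without starting a remote shell, and phpMyAdmin is then reached at `http://127.0.0.1:8080/phpmyadmin/` in the local browser.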
| Author: | jlevandowski [ Fri Jul 09, 2010 5:17 am ] |
Quote: Installed logwatch, it seems to do reports via e-mail so I guess I need to open holes in the firewall for that... Would allow smtp be enough?
You don't need to open a hole in the firewall for this. However, you do need postfix (or similar so that mail can go out from your server). |
|
| Author: | FLindblom [ Fri Jul 09, 2010 12:00 pm ] |
Thanks, I got it working after I fixed some errors in the postfix config on one server. I also restricted access to the phpmyadmin site to my own IP as well, starting to feel pretty good about it all now, let's hope it lasts. Cheers! |
|
| All times are UTC-04:00 |