[development] Fully patched site hacked and cloaked

Samir Nassar samir.nassar at gmail.com
Wed Jan 27 19:31:46 UTC 2010


On Wed, Jan 27, 2010 at 1:11 PM, Jason A. Nunnelley <jason at jasonn.com> wrote:
> On Wed, Jan 27, 2010 at 1:03 PM, Domenic Santangelo <domenics at gmail.com>
> wrote:
>> I'm hearing some complicated attack vectors being tossed around in here
>> (password sniffing, mitm, etc) -- don't forget about a pretty simple one:
>> dictionary attacks. I recently took over a project for a small-medium sized
>> client and upon looking at the secure log noticed 50k+/day dictionary
>> attacks against SSH. I installed fail2ban and now get 5-6 emails daily about
>> brute-force hack attempts.
>
> Just wonder why you don't simply block attempts beyond 5 or 10.

If you are going to go through the effort of fail2ban and similar
software why not use Public Key Authentication and call it good?

Samir Nassar
http://samirnassar.com

