[development] Fully patched site hacked and cloaked
Syscrusher
syscrusher at 4th.com
Thu Jan 28 21:43:50 UTC 2010
On Wed, 2010-01-27 at 11:42 -0800, Domenic Santangelo wrote:
> > If you are going to go through the effort of fail2ban and similar
> > software why not use Public Key Authentication and call it good?
> >
>
> Cause "yum install fail2ban" wasn't actually a lot of effort.
I run a coop server where some of the clients are *NIX users, some
clueful Windows users, and some clueless Windows users. The *NIX and
clueful Windows users all use SSH and SFTP, but the clueless Windows
users refuse to use PuTTY or anything like it because "Microsoft
FrontPage supports FTP!!!!". (Not all the sites on the server are
Drupal.)
I agree fail2ban is good stuff. I installed it a few months ago and saw
a dramatic decrease in dictionary attacks. The would-be crackers mostly
give up and go away after fail2ban blocks them for a while.
Scott
--
Syscrusher <syscrusher at 4th.com>
More information about the development
mailing list