Posts tagged ‘Linux’

My new 8,192 bit public key.

I’ve been playing with gpg again, and decided it was time to bump up my key size in order to have a key that was acceptable for encryption for the next few years. Until quantum computing kicks in, then I’ll have to double/quadruple the key size again… who knows. But for now, I think this will suffice for awhile.

Modifying gpg source code to allow 8,192 bit keys was simple to accomplish and the information is freely available on the net, so I won’t repost it here. However, if you want my new key, here it is :)
Continue reading ‘My new 8,192 bit public key.’ »

Renewed / Extended Archlinux.me domain registration.

$50 gets me 3 more years …. .me is expensive lol.

Renewed / Extended Archlinux.me domain registration.

Domain Name:ARCHLINUX.ME
Domain Create Date:31-Mar-2009 04:31:26 UTC
Domain Last Updated Date:23-Jun-2009 23:25:58 UTC
Domain Expiration Date:31-Mar-2014 04:31:26 UTC

Arch Linux Info Script

I wrote this script because I’m on so many different Arch machines, sometimes it’s hard to keep track :) Plus, it gives me a handy way to find all of my information I’m looking for with one simple command. It outputs something like this:
Continue reading ‘Arch Linux Info Script’ »

Why you should change your ssh default port.

Wednesday, July 23, 2008
Why you should change your ssh default port.
Thought some of you might find this interesting. No one gets in, but it’s funny how just changing the port number on ssh will stop 99.99% of the stupid attacks (some random bot repeatedly attempting to gain access) . Several other things SHOULD be changed in the ssh config file also, not just the port number, but this one provides the most eye opening reasons to be secure.

Installed server on Jul 17th ….. less than 5 days later, well, you get the idea.
wtmp begins Thu Jul 17 21:57:08 2008

[root@VistaCrusher1 ~]# lastb | wc -l
25349

For the less command line oriented peeps, that means I had 25,349 attempts to breach my machine via the ssh login. Bad logins recorded, along with IP’s and other cool stuff.
Needless to say, I’ll go change that shortly, along with several other security precautions. I just wanted to see how many hits I’d get in 5 days. That, and I wanted to see who came back.

Imagine that…..

[root@VistaCrusher1 ~]# lastb | grep 125.164.202.240
clamav ssh:notty 125.164.202.240 Mon Jul 21 16:40 – 16:40 (00:00)
clamav ssh:notty 125.164.202.240 Mon Jul 21 16:39 – 16:39 (00:00)

Someone is STILL trying.

Here is a list of WHO tried.

[root@VistaCrusher1 ~]# lastb | awk ‘{print $3}’ | sort –unique

121.14.5.209
123.140.215.92
124.42.50.54
125.164.202.240
193.23.52.17
193.33.171.66
208.65.156.53
210.146.9.109
210.176.26.185
210.221.148.223
210.51.171.74
211.160.40.29
211.33.57.138
212.90.168.161
217.199.186.93
218.38.56.181
219.122.33.3
222.195.137.249
52.26.222.203.st
61.114.236.22
74.10.24.182
83.103.170.158
83.168.89.246
89.238.203.66
Sun
c-24-5-182-18.hs
mail.zdr.ru
mail3.gus.net
martinjajcaj.vps
mvx-200-201-183-
n220246012106.ne
security.isd.com
[root@VistaCrusher1 ~]#

As someone mentioned to me on the Archlinux forums, iptables can be used to help prevent this as well.

### START SECURITY RULES ###
# Don’t limit SSH from known addreses
# xxx.xxx.xxx.xxx
iptables -A forwarding_wan -p tcp –dport 22 -s xxx.xxx.xxx.xxx -j ACCEPT

# SSH rate limiting from unknown IP addresses
# Allow 2 chances in 10 minutes to connect, reject after that
iptables -A forwarding_wan -p tcp –dport 22 -m state –state NEW -m recent –set
iptables -A forwarding_wan -p tcp –dport 22 -m state –state NEW -m recent –update –seconds 600 –hitcount 3 -j DROP