Rat's

Installing Fail2ban on CentOS and Debian/Ubuntu to prevent brute-force cracking of FTP/SSH
2015/12/20

Note: If you run a VPS, check the system log (see: Check whether SSH is scanned through Auth.log) and you will find that SSH is often scanned tens of thousands of times. If the login is cracked, it causes many problems, and for anyone who keeps backups and websites on the server the loss is huge. So we need to take measures to minimize such incidents, and here we use Fail2ban to prevent brute-force cracking. Fail2ban can limit the login frequency for FTP/SSH: when an IP address exceeds the allowed number of login attempts, it is restricted.

For more basic VPS security settings, refer to: Modify SSH port + disable root login; Linux VPS uses DDoS deflate to defend against DDoS attacks

1. Install Fail2ban
CentOS

 yum install epel-release
 yum install fail2ban

Debian/Ubuntu

 apt-get install fail2ban

2. Configure Fail2ban
Edit the /etc/fail2ban/jail.conf file directly, using WinSCP or another FTP management tool.

 # Global settings
 # Ignored IP list, not restricted by these settings (whitelist)
 ignoreip = 127.0.0.1
 # Ban time, in seconds
 bantime = 600
 # An IP is banned if it exceeds the allowed number of attempts within this period
 findtime = 600
 # Maximum number of attempts
 maxretry = 3
 # Log modification detection mechanism (gamin, polling or auto)
 backend = auto

 # Per-service configuration. If bantime, findtime or maxretry set here
 # conflict with the global values, the service setting takes priority.
 [ssh-iptables]
 # Whether to activate this item (true/false)
 enabled = true
 # Name of the filter rule, corresponding to sshd.conf in the filter.d directory
 filter = sshd
 # Action parameters; sendmail-whois sets the recipient of the alert mail
 action = iptables[name=SSH, port=ssh, protocol=tcp]
          sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
 # The system login log file to monitor
 logpath = /var/log/secure
 # Maximum number of attempts
 maxretry = 5

Before starting, remove the leading # from the lines and then modify the corresponding parameters. Run service fail2ban start to start the service.
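How ignoreip, findtime, maxretry and bantime from the configuration above interact, shown as an added Python example that is not part of the original post and is not Fail2ban's own code. The log lines are constructed, and the single regex is a simplified stand-in for the sshd filter (an assumption).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [ssh-iptables] jail above (its maxretry=5 overrides the global 3).
IGNOREIP = {"127.0.0.1"}
FINDTIME = timedelta(seconds=600)
BANTIME = timedelta(seconds=600)
MAXRETRY = 5

# Assumption: simplified stand-in for filter.d/sshd.conf, one failure pattern only.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) ")

def simulate(lines, year=2015):
    """Return [(ip, ban_start, ban_end)] that these settings would produce."""
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for entry in lines:
        m = FAILURE.match(entry)
        if not m or m["ip"] in IGNOREIP:
            continue                 # not a failure, or whitelisted
        ip = m["ip"]
        now = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if banned_until.get(ip, now) > now:
            continue                 # ban still active
        q = recent[ip]
        q.append(now)
        while now - q[0] > FINDTIME:  # drop failures older than findtime
            q.popleft()
        if len(q) >= MAXRETRY:        # threshold reached inside the window
            banned_until[ip] = now + BANTIME
            bans.append((ip, now, now + BANTIME))
            q.clear()
    return bans

# Constructed sample in /var/log/secure style (documentation IP ranges).
def make_line(ts, ip):
    return f"Dec 20 {ts} vps sshd[2211]: Failed password for root from {ip} port 50022 ssh2"

SAMPLE = (
    [make_line(f"20:00:{s:02d}", "203.0.113.5") for s in (1, 9, 17, 25, 33)]  # fast burst
    + [make_line(f"20:{m:02d}:00", "198.51.100.7") for m in (0, 3, 6, 9, 12)]  # slower than findtime
    + [make_line(f"20:01:{s:02d}", "127.0.0.1") for s in range(6)]            # in ignoreip
)

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} from {start} until {end}")
```

Only the fast burst is banned: the five failures spaced three minutes apart never have five inside one 600-second window, which is the case to keep in mind when choosing findtime and maxretry.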

Suggestion: install DDoS deflate and Fail2ban together to protect the server as much as possible.

Last modification: December 20, 2015 08:33 PM