Brute Force Attacks
As some of you may know (if anyone actually reads this :) ), I've been running a MythTV box for a while now as a PVR / media centre.
As part of the setup, I have opened up my firewall for two services the Linux box provides: firstly the included web server, so I can see what's on and schedule recordings remotely, and secondly remote ssh access.
Having read some posts on security lately I decided to look at my auth.log file, and was pretty scared by what it contained.
It seems as if my box is being targeted by brute force attacks trying a whole variety of different users to try and gain access! I don't think anybody has actually gained access (although I've changed the passwords just in case!) but it scared me into looking for a solution!
A bit of searching brought up sshdfilter which seems to be the answer. This continually monitors the ssh access, and anytime an illegal user is requested, the corresponding IP address is automatically blocked. This should stop the problem, as all of my attacks have been coming from just a couple of IP addresses.
I'd recommend checking this out if you have an exposed Linux box as it might help prevent attacks, which can only be a good thing!
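
The approach described above (watch the SSH log and block any address that asks for a nonexistent user), sketched as an added example; it is not from the original post and is not sshdfilter's own code. The log line format, the host name `mythbox`, the addresses and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# sshd logs "Invalid user NAME from IP" (older OpenSSH releases wrote
# "Illegal user"). The username is client-supplied text, so the address is
# read from the END of the line rather than from the first " from ".
UNKNOWN_USER = re.compile(
    r"sshd\[\d+\]: (?:Invalid|Illegal) user (?P<user>.*) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?\s*$"
)

def offenders(lines, threshold=1, allowlist=()):
    """Map each source IP with >= threshold unknown-user attempts to the names it tried."""
    seen = defaultdict(list)
    for line in lines:
        m = UNKNOWN_USER.search(line)
        # The allowlist keeps your own addresses from being locked out.
        if m and m.group("ip") not in allowlist:
            seen[m.group("ip")].append(m.group("user"))
    return {ip: sorted(set(u)) for ip, u in seen.items() if len(u) >= threshold}

def block_rules(ips):
    """Render iptables commands for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in sorted(ips)]

# Constructed sample log lines (documentation-range addresses, not real hosts).
SAMPLE = """\
Oct  3 04:12:01 mythbox sshd[2101]: Invalid user admin from 203.0.113.7
Oct  3 04:12:03 mythbox sshd[2103]: Illegal user test from 203.0.113.7
Oct  3 04:12:09 mythbox sshd[2107]: Invalid user oracle from 198.51.100.23 port 40112
Oct  3 04:13:15 mythbox sshd[2111]: Accepted password for mythtv from 192.0.2.10 port 50022 ssh2
Oct  3 04:14:02 mythbox sshd[2115]: Invalid user x from 192.0.2.10 from 203.0.113.7
""".splitlines()

if __name__ == "__main__":
    found = offenders(SAMPLE, allowlist=("192.0.2.10",))
    for ip, users in sorted(found.items()):
        print(ip, users)
    print("\n".join(block_rules(found)))
```
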
1 Comment:
MythTV is grrreat! (once you get it up and running and fully configured). Having read this blog, I checked my auth logs file, but it doesn't appear that I have had any hostile attempts (lately). Although I would suggest changing from the default user mythtv and password mythtv!
By Anonymous, at 3:34 pm