NYCPHP Meetup

NYPHP.org

[nycphp-talk] [OT] SSH security question

Mitch Pirtle mitch.pirtle at gmail.com
Sun May 1 12:21:02 EDT 2005


On 4/30/05, David Mintz <dmintz at davidmintz.org> wrote:
> 
> Is it normal to get attacked like this just about every day?

That would be awesome, since I get scanned (these are not really
attacks) about every 90 minutes. Some servers are almost constant,
depends on who/what/how many you are hosting on one machine as well.
These are really just scans and automated probes, if someone was
really attacking your server you would most certainly know it - there
is no real way to 'quietly attack a server'.

I install Portsentry immediately upon having a shell on a remote
server, if only to get rid of most of the skript kiddiez. Once that is
done, I can take the time to harden the system.

Some good reading:

* Hardening Apache, by Tony Mobily (Apress)
* Maximum Linux Security, by Anonymous (SAMS)
* Linux Serve Security, by Michael D. Bauer (O'Reilly)

Also there are a ton of resources out there, but the Apache book is a
real good start for linux webservers.

-- Mitch



More information about the talk mailing list