Slashdot Mirror


Coping With 1 Million SSH Authentication Failures?

An anonymous reader writes "I own a small Web development studio that specializes in open source software, primarily Drupal, WordPress, and Joomla for small businesses. Our production servers, which host about 50 sites and generate ~20K hits/week, are managed by a 3rd party that I'm sure many on Slashdot would recognize. Earlier today I was researching some problems on one of our sites and found that there have been over 1 million SSH authentication failures from ~1200 IP addresses on one of our servers over the last year. I contacted the ISP, who had promised me that server security would be actively managed, and their recommendation was, 'change the SSH port!' Of course this makes sense and may help to an extent, but it still doesn't solve the problem I'm facing: how do you manage server security on a tight budget with literally no system admin (except for me and I know I'm a n00b)? User passwords are randomly generated, we use a non-standard SSH port, and do not use any unencrypted services such as FTP. Is there a server monitoring program you would recommend? Is there an ISP or Web-based service that specializes in this?"

5 of 497 comments

  1. HELP! SOMEONE DIAL 911 by Anonymous Coward · · Score: -1, Offtopic

    eat out my asshole. Won't help with that SSH thing, but damn I enjoy it.

    Call up Rob Malda. Tell him someone finally needs him to do what he studied so hard for at STU. By the way, STU is the acronym for Salad Toss University. Cheers.

  2. Re:whatcouldposiblygowrong by darkpixel2k · · Score: 0, Offtopic

    He could get trolled on slashdot by the very people he's coming to ask for help to become *less* of a noob.

    I'll bet you teach your kid gun safety by shooting him in the neck.

    LMAO! Where are my mod points?

    --
    There's no place like ::1 (I've completed my transition to IPv6)

  3. Re:whatcouldposiblygowrong by DotComMarky · · Score: -1, Offtopic

    That's a beautiful and witty analogy but to reverse it:

    If he asked "How can I stop my house being burgled?" and you said, "Without a full alarm, CCTV and patrol system, don't even bother. Leave it to the professionals."

    Some others might see some practical value in suggesting, "Maybe lock your door at night."

    My opinion in this situation is first to take what advice you can and do something yourself as soon as possible (since any extra security is better than nothing). Next, as you suggested and when he has the resources to employ someone to do it properly, seek professional help. Simply doing nothing until he can do it properly sounds a bit dangerous.

    +1

    --
    It's just me.

  4. Re:Tar Pitting by Anonymous Coward · · Score: -1, Offtopic

    "Automatic" here refers to "without requiring arcane configuration steps."

    You know how to configure iptables to do this for you off the top of your head? Great. You definitely win. Have you ever heard of a Pyrrhic victory?

  5. Re:Exactly by ndege · · Score: 0, Offtopic

    For the love of moderation, will somebody please mod the parent to +5 Funny/Insightful!!!

    That comment is the best I have read all week... you actually made me laugh out loud.

    --
    Sig Return: 204 No Content