
Thread: Got hacked , now what ?

  1. #11
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Got hacked , now what ?

    I've not heard of that happening, but I haven't used fail2ban. *shrug*
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  2. #12
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Got hacked , now what ?

    Quote Originally Posted by CharlesA View Post
    Explain?
    If somebody spoofs your ip address, these tools will lock you out.

    The solution is to white list your ip address, which can be done with iptables and denyhosts, not sure about fail2ban.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  3. #13
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Got hacked , now what ?

    Quote Originally Posted by bodhi.zazen View Post
    If somebody spoofs your ip address, these tools will lock you out.

    The solution is to white list your ip address, which can be done with iptables and denyhosts, not sure about fail2ban.
    Thanks for the info. I might have to play around with fail2ban, but idk.

  4. #14
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Got hacked , now what ?

    Quote Originally Posted by CharlesA View Post
    Thanks for the info. I might have to play around with fail2ban, but idk.
    If you understand iptables (and I think you do), I find it easier than installing yet another service such as denyhosts or fail2ban.

    denyhosts uses tcpwrapper (/etc/hosts.deny) plus it has the ability to track naughty ip addresses, both in a local database but also in a central database.

    fail2ban covers additional services and is a bit more complex to configure. fail2ban will monitor your logs and can be configured to watch ftp, ssh, http, etc. fail2ban uses iptables (I think).

    Once I learned iptables, I find it easier to configure iptables to cover the services I need.

    tcpwrapper is also easy to configure and I use that for ssh.

  5. #15
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Got hacked , now what ?

    Yup, I am using iptables so far and it's working great.

    A lot easier to configure too. Heh.

  6. #16
    Join Date
    Apr 2006
    Location
    New Mills, UK
    Beans
    1,213

    Re: Got hacked , now what ?

    fail2ban can be configured to ignore ip so that will stop DOS attacks from having effect.
    The value is in jail.conf, [DEFAULT] section and is called "ignoreip"

    Hope this helps.
    Malac - "Time Is Precious, Waste It Wisely"
    Registered Linux User 416897
    Registered Ubuntu User 7567

  7. #17
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,818

    Re: Got hacked , now what ?

    The most important security tip is not to use stupid short passwords.

  8. #18
    Join Date
    Jan 2008
    Beans
    69

    Re: Got hacked , now what ?

    if you use more than just SSH for admin access like Webmin, FTP, or something then I'd recommend channeling all your admin tools over VPN using OpenVPN, then any admin tools are locked down in a VPN tunnel.

    Forensics is rather hard, so I'd find out what exactly has been going on before acting too fast, maybe something is bugging and just caught in a loop with sendmail, or something else that would appear as spamming.

  9. #19
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 22.04 Jammy Jellyfish

    Re: Got hacked , now what ?

    Quote Originally Posted by ov3rcl0ck View Post
    if you use more than just SSH for admin access like Webmin, FTP, or something then I'd recommend channeling all your admin tools over VPN using OpenVPN, then any admin tools are locked down in a VPN tunnel.
    I usually only have stuff like webmin tunneled over SSH and not accessible directly from the internet. It's a bit more secure that way.

    Haven't bothered with VPNs for that.

  10. #20
    Join Date
    Jul 2007
    Location
    The Internet
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Got hacked , now what ?

    You can configure iptables to limit the rate of connection attempts, which will render bruteforcing ineffective, for example:

    Code:
    iptables -A INPUT -p tcp --dport <your ssh port> -m limit --limit 6/minute -j ACCEPT
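
The whitelist-then-rate-limit ordering discussed in this thread, as an added example that is not part of any post: a shell function that prints an iptables-restore ruleset and applies nothing itself. The function name `ssh_ruleset`, the `--limit-burst` value and the sample address 203.0.113.10 in the usage comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset
# that whitelists one admin address and rate-limits everyone else's new
# SSH connections.
# Usage: ssh_ruleset PORT ADMIN_CIDR   e.g. ssh_ruleset 22 203.0.113.10

ssh_ruleset() {
    port=$1
    admin=$2

    # Reject input that is not a TCP port number or does not look like an
    # IPv4 address or CIDR, so nothing unexpected ends up in the ruleset.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
        || { echo "bad port: $port" >&2; return 1; }
    printf '%s\n' "$admin" \
        | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' \
        || { echo "bad address: $admin" >&2; return 1; }

    # Order matters. The limit match is one token bucket shared by all
    # sources, so the whitelist rule has to come before it; otherwise a
    # flood from elsewhere uses up the tokens and the admin is dropped too.
    # Matching only NEW connections keeps established sessions unthrottled,
    # and the final DROP is what enforces the limit once the bucket is empty.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $admin -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m limit --limit 6/minute --limit-burst 6 -j ACCEPT
-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j DROP
COMMIT
EOF
}

# Print the ruleset when the script is called with both arguments.
if [ "$#" -eq 2 ]; then
    ssh_ruleset "$1" "$2"
fi
```

Pipe the output to `iptables-restore --test` to have it parsed without committing; loading it for real replaces the existing filter table.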
