1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Help is required.

Discussion in 'Site & Server Administration' started by usf, Jan 1, 2010.

0
  1. #1
    Hello Sir, I need some help related to my server. I have a dedicated server. I am facing the burt force attacks. And I have centos 5 Linux and now i am wanted to change the port 22 to some thing else. But i don't know how to back up the file before changing. Can some one please tell me how can i back up the file and what is the process of reload the file in case of some thing wrong. And how can I change the port Please explain it in detail.
    Thx
     
    usf, Jan 1, 2010 IP
  2. asagi77

    asagi77 Peon

    Messages:
    18
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    $IPTABLES -A INPUT -i $EXTIF -p tcp --dport 6666 -j TCPACCEPT
    add this rule in to your firewall and then use 6666 port for ssh
     
    asagi77, Jan 3, 2010 IP
  3. Ladadadada

    Ladadadada Peon

    Messages:
    382
    Likes Received:
    36
    Best Answers:
    0
    Trophy Points:
    0
    #3
    The file you need to edit is /etc/ssh/sshd_config.

    To make a backup, you can simply copy that file to somewhere else beforehand:

    [root@host]# cp /etc/ssh/sshd_config /etc/sshd/sshd_config.2010-01-03.bak
    Code (markup):
    The line you need to change looks like this:
    
#Port 22
    Code (markup):
    and you should change it to something like this:
    
Port 7522
    Code (markup):
    then restart the SSH daemon:
    [root@host]# service sshd restart
    Code (markup):
    Before you log out, open up a new PuTTY window and try to log in again on the new port. If that doesn't work, put the old file back, restart sshd again and try to figure out what went wrong.
     
    Ladadadada, Jan 3, 2010 IP
  4. usf

    usf Active Member

    Messages:
    53
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    91
    #4
    Thanks Buddy

     
    usf, Jan 6, 2010 IP
  5. cocodude

    cocodude Active Member

    Messages:
    37
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    55
    #5
    If they do a portscan, they might still find the SSH server in future, so maybe it's worth having additional security such as fail2ban which will block the IP address if there have been too many attempts on it?
     
    cocodude, Jan 7, 2010 IP
  6. Ladadadada

    Ladadadada Peon

    Messages:
    382
    Likes Received:
    36
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Possibly... but in practice, I have found that no one does that. There are two different threats here:

    1. Attackers who want any server for its CPU/bandwidth.
    2. Attackers who want the data on your server.

    Changing the port will protect against 1. and will not protect against 2.

    I have seen 15,000 attempts per day from 1. and have never seen a single brute force attempt on a non-standard port (which would be 2).

    I have also seen fail2ban and similar products like denyhosts lock legitimate administrators (including me!) out of their own machines more often than makes them worthwhile.
     
    Ladadadada, Jan 7, 2010 IP