what would you do

Taz

If there wasn't any firewall. Lol blocked 68 bruteforce attempt in less than 10 min. I would die without em. What about you?

AsadHaider

Be rather screwed?

HalfEatenPie

@NinjaHawk said: If there wasn't any firewall. Lol blocked 68 bruteforce attempt in less than 10 min. I would die without em. What about you?

Fail2ban?

Taz

That's another form of firewall as well.

Maounique

Pick a pass like one of mine ButItIsGoodToRemember_LFS123!@# and let the robots crack it. Of course, not in english and make sure to use weird chars in your language. M

gsrdgrdghd

Just continue the same as before? I don't use any IPTables rules on my servers and i don't see any reason to do so.

Maounique

@gsrdgrdghd said: Just continue the same as before? I don't use any IPTables rules on my servers and i don't see any reason to do so.

This. IPTables dont help if you have vulnerable apps, and if they dont have known exploits, then IPTables are not needed. So, keep your installation up to date by applying latest patches, not really by putting up the latest and greatest version, put up only what you need, listen only on the ports you need, if you access some ports only yourself, make them listen only locally and use port forwarding with ssh, etc... M

dearroy

Just keep complex password and let them be.

bdtech

Change the port, Disable root login, then just su -

dmmcintyre3

SSH key auth, disable any unneeded services, run yum update often, have stuff like MySQL listen on 127.0.0.1.

Presbytis

@Maounique said:

Pick a pass like one of mine ButItIsGoodToRemember_LFS123!@# and let the robots crack it. Of course, not in english and make sure to use weird chars in your language. M

I pick password like "kawit esuk ketuk bengi ngantuk terus", its pretty easy to remember (my native language) but i think its long enough to prevent bruteforce. :)

yomero

Just 68 in 10 minutes? Bah...

Maounique

@Presbytis said: I pick password like "kawit esuk ketuk bengi ngantuk terus", its pretty easy to remember (my native language) but i think its long enough to prevent bruteforce. :)

Any long enough password is hard to bruteforce, but using only one type of letters is not good enough, even if you have space, which few ppl use :) Best should have lowercase, uppercase, numbers, special chars (*&^% etc) and space as the cherry on the top :) Introducing only one of each is enough to skyrocket the number of combinations. However, from what i saw, those attacks are really limited, saw passes tried such as kevin, lpt and even bob... M

Taz

Wat about passwords in Chinese language? That would be a pain to crack as bots only use english.

dearroy

@NinjaHawk said: Wat about passwords in Chinese language? That would be a pain to crack as bots only use english.

Few people use Chinese character in password because you can only paste it to the blank. when you try to type Chinese in blank you will get Pinyin characters at last.

Damian

additionally, changing services away from "standard" ports will prevent 99% of the bruteforce attacks. There's 4 billion other IPs to try out, why bother with spending time figuring out what port you've changed to

Taz

That eventually is a fun thing to do :)

nunim

@Maounique said: Any long enough password is hard to bruteforce, but using only one type of letters is not good enough, even if you have space, which few ppl use :)

Wow I actually never knew you could use spaces in Linux passwd's, too bad if I use them now I'll never remember that I used them since I'm so used to no spaces, but thanks for the tip!

Randy

Change to a random port:)

jcaleb

i think no need firewall if all your service will be opened anyways to the outside. e.g. if you only run ssh and web

AstoundingHost

Nothing. All my passwords are different and secure. Chances of someone / something cracking my passwords are pretty much nil.

Taz

@AstoundingHost passwords can be cracked no matter how secure it is. May be some will take longer then other but yes, it can be cracked.