New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
The one-time passwords do work when the servers are offline, comparable to an RSA SecurID.
Also, the Duo auth application can't download and execute code or run commands sent by a server. (UNIX auth part is open source, so you can audit it yourself.)
For SSH security on a webserver you could:
Install Cloudflare for your sites.
Install my ASN black list for certain bad ASNs such as the Chinese ones.
Install fail2ban or denyhosts.
Change the SSH port.
Should give you very, very tough security.
It's less racist than reality. A huge amount of this traffic comes from China. A huge amount also comes from the US and plenty of other countries. If you don't have any legitimate need for traffic from China, or whatever country, then it's "racist" to block it?
Racist would be "I don't want those slanty-eyed bastards docking their sampans to my server", not "I want to block login attempts from a country where large amounts are originating, and I don't expect any legitimate traffic from."
Human nature is to make mistakes, we all do and all will. The more layers of security, the more someone has to bungle to expose security risks.
Come on; he's trying to help people. Asking his reasoning would've been enough. Continuing/creating an argument about political issues in a technical thread wasn't necessary.
From what I understand, from a technical point of view, using country-based block lists can create more resource consumption. It's been a while since working on cPanel, but I specifically remember this from CSF's documentation. I'll only assume this is true given that: a GeoIP database is used to detect country, a user connects, and must have their IP cross-referenced with this large database.
This is a valid point; many online businesses don't have a large presence in China. Some web hosts even block people in specific countries from signing up with them as a result of a history of abuse from these countries. These actions are the result of continuing trends, and not simply assumption on the companies' parts.
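
An added example, not code from any poster in this thread: the per-connection cost of checking an address against a large country or ASN list, raised in the GeoIP comment above, depends on how the list is stored. This sketch collapses a constructed CIDR list into sorted ranges and tests an address with a binary search; the function names and the sample ranges (RFC 5737 documentation prefixes) are assumptions.

```python
import bisect
import ipaddress

# Constructed sample blocklist (documentation ranges, not real ASN data).
SAMPLE_BLOCKLIST = [
    "198.51.100.0/25",
    "198.51.100.128/25",  # adjacent to the previous entry: merges into one /24
    "192.0.2.0/24",
    "192.0.2.64/26",      # already covered by 192.0.2.0/24: dropped
    "203.0.113.16/28",
]


def build_index(cidrs):
    """Collapse overlapping and adjacent IPv4 networks, then return two
    parallel sorted lists holding each range's first and last address."""
    nets = sorted(
        ipaddress.collapse_addresses(ipaddress.ip_network(c) for c in cidrs)
    )
    starts = [int(n.network_address) for n in nets]
    ends = [int(n.broadcast_address) for n in nets]
    return starts, ends


def is_blocked(index, ip):
    """Binary-search the ranges: O(log n) work per connection attempt."""
    starts, ends = index
    value = int(ipaddress.IPv4Address(ip))
    # Rightmost range whose start is <= the address, if any.
    pos = bisect.bisect_right(starts, value) - 1
    return pos >= 0 and value <= ends[pos]


if __name__ == "__main__":
    index = build_index(SAMPLE_BLOCKLIST)
    print(len(index[0]), "ranges after collapsing")
    for addr in ("192.0.2.70", "198.51.100.200", "203.0.113.32", "10.0.0.1"):
        print(addr, "blocked" if is_blocked(index, addr) else "allowed")
```

The index is built once when the list is loaded, so only the binary search runs per connection.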