Quote:
Originally Posted by thonglife
deny from .ru
deny from .cn
|
Rather than a blacklist, I'd use a whitelist, especially for stuff like SSH and FTP.
Also, you can set your server to email you immediately when any user logs in via SSH or FTP, that way you're alerted instantly that something is going on.
Quote:
At command prompt type:
pico .bash_profile
Scroll down to the end of the file and add the following line:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" [email protected]
Save and exit.
|
Make sure to disable Telnet as well.
Also, turn off Apache ID by editing httpd.conf and change ServerSignature to OFF.
Thats pretty much the main stuff I do on a new box. There are several others too, but this should do unless you're specifically targeted.