[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] 7 relays gone because of spammers



mostly good stuff here, I'd merely suggest you use denyhosts with ssh
and keep it on standard 22 with only pubkey access enabled. Serves
perfectly well and ssh brute force attempts will get blocked fairly
swiftly. fail2ban can also do ssh.
-Jason

On 02/26/2015 03:24 PM, Speak Freely wrote:
> Hi ZEROF,
> 
> I had fail2ban, harden (which includes tiger, tripwire, logcheck, plus
> MANY others), all the fancy log checkers, rkhunter and clamav,
> unattended-upgrades, and had all logs emailed to me on a daily basis. It
> was tedious to go through, but I was trying to do my due diligence.
> 
> I disabled root login, changed ssh port (security through obscurity -
> damn right, but I kept it in the privileged range.)
> -------------------
> Each password was a minimum of 32 characters, alphanumeric plus symbols.
> No two passwords were alike, or remotely similar.
> (No, I didn't use keys :@)
> 
> I checked "how secure is my password", and this is the result:
> 	It would take a desktop PC about
> 	21 quattuordecillion years
> 	to crack your password
> 
> I had to look quattuordecillion up, as my spell checker doesn't know
> what it means. In the US, it means 1, followed up 45 zeros.
> (In the UK it is 10^84, but I believe the website is American so I'm
> sticking with ^45)
> ---------------
> I disabled as many services as I could reasonably tolerate. I removed
> world rights to as much as I could think. I did everything I could think
> of to make each VPS effectively useless except for running a Tor relay.
> 
> My firewall matched my Reduced Exit Policy, plus my "secret" ssh port.
> 
> ----
> I never thought about the honey-pot... That's a good one.
> 
> 
> Speak Freely
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays