On Wed, 2015-02-04 at 14:08 -0500, Lamar Owen wrote:
> However, the reason you want a password that is not easily bruteforced has nothing to do with this, and all bruteforce attempts cannot be blocked by this method.
Thanks for your well-explained concerns. You make good sense.
Just counted the characters in one of my root passwords. It uses uppercase, lowercase, symbols, numbers and is a mere 25 characters long. Another one is, I think, about 32 characters long.
Plain FTP is banned. SSH is shifted away to an obscure port and permitted only for 3 predetermined IP addresses. Web hackers are automatically banned after the first attempt. Similar defences are employed against spammers and mail hackers.
I restrict directory and file access to special users with no-logon ability. I upgrade immediately a replacement is announced. I read my chosen selection of logs and self-created reporting programmes from every server.
IP Tables restricts in and out traffic as much as possible. DROP appears everywhere.
I'm not paranoid about security but I do not intend to be a passive or a willing victim of hacking etc. I would jail hackers for a minimum of 6 months.