[CentOS] server is always getting hacked

Sun Jun 28 16:48:47 UTC 2009
Linux Advocate <linuxhousedn at yahoo.com>

get ;

1. fail2ban - it blocks failed login ips etc
2. get shorewall or any iptables front end and restrict ips to the ranges u need ( or even specific ips)
3. run ssh on a nonstandard port
4. good, long  password

these steps will go a long way and will get u started.



----- Original Message ----
> From: Mag Gam <magawake at gmail.com>
> To: CentOS mailing list <centos at centos.org>
> Sent: Sunday, June 28, 2009 3:21:25 AM
> Subject: [CentOS] server is always getting hacked
> 
> WE have a centos 5.3 install, and our server is keep getting hacked.
> We see load averages of 500+ and see people from all over the world
> logging into our server (used last).
> 
> Is there a good place to start to avoid these kinds of things?
> 
> For example, here is what I already did.
> 
> Open up sshd port only
> setup iptables to only accept port 80 and 22
> No FTP
> No other ports are allowed according to IP Tables.
> 
> 
> I am not sure what else measures I can take. Can someone please assist?
> 
> TIA
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos