Reco wrote:
> You mean that all these connections originate from 197.159.128.171?
> "iptables -I INPUT -s 197.159.128.171/29 -j DROP" will take care of it.
>

No, this was just an example - they come from different IPs. Some days nothing, some days it is nothing.

> While you're at it, write an abuse letter to Jonathan Lamptey - he? owns
> problematic IP range according to AFRINIC.
>
>
>> I think both are secure: for ssh no users with easy password allowed to
>> login
>
> If you have password-enabled ssh with stock Ciphers, MACs, and Kex'es
> enabled, and your only protection is non-standard ssh port - then you
> are doing it wrong.
>
> Set these to /etc/ssh/sshd_config, and watch all those script-kiddies
> cry as they won't be able to connect to you at all:
>
> Ciphers chacha20-poly1...@openssh.com,aes256-...@openssh.com
> MACs hmac-sha2-512-...@openssh.com,hmac-sha2-256-...@openssh.com,umac-128-...@openssh.com
> KexAlgorithms curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256
>
> And forbid ssh password authentication. They've invented key-based
> authentication for cases like yours 15 years ago.
>
>

Thanks, this is good advice, I will investigate. In fact I have 2 ssh servers - one for internal network and one for external. External is allowed only for 3 users including me. When I upgraded to jessie or to stretch I also updated the cipher rules, but I will double check.

>> and apache - no pages or stuff that would compromise.
>
> As long as this apache serves static HTML only then you're probably safe
> indeed.

Ok, thanks for that - I think it is true as it is local server and there is nothing php - but just documentation.

thanks
regards
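For the "double check" mentioned above, here is an added example that is not part of the thread: a small audit of the global section of an sshd_config-style file for the two points raised, password authentication still enabled and Ciphers/MACs/KexAlgorithms left at stock defaults. The function names, file names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# effective_value FILE KEYWORD: print the first value given for KEYWORD before
# any Match block (sshd uses the first value it obtains for each keyword).
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (!match(line, /[ \t=]+/)) next        # keyword without a value
            key = tolower(substr(line, 1, RSTART - 1))
            if (key == "match") exit                 # global section ends here
            if (key == want) { print substr(line, RSTART + RLENGTH); exit }
        }' "$1"
}

# audit_sshd_config FILE: print one finding per line, nothing if clean.
audit_sshd_config() {
    pw=$(effective_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    [ "${pw:-yes}" = "no" ] ||      # unset means the OpenSSH default, yes
        echo "FAIL PasswordAuthentication is not 'no' (effective: ${pw:-yes})"
    for kw in Ciphers MACs KexAlgorithms; do
        [ -n "$(effective_value "$1" "$kw")" ] ||
            echo "WARN $kw not set, stock defaults apply"
    done
    return 0
}

# Constructed sample configs; the algorithm values are illustrative and are
# not the truncated lists quoted in the thread.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
Port 2222
#PasswordAuthentication no
Ciphers aes256-ctr
Match User backup
    PasswordAuthentication no
EOF
    cat > "$1/hardened.conf" <<'EOF'
Port 2222
passwordauthentication no
Ciphers aes256-ctr
MACs hmac-sha2-256
KexAlgorithms curve25519-sha256
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
for f in weak hardened; do echo "== $f"; audit_sshd_config "$dir/$f.conf"; done
rm -rf "$dir"
```

The weak sample shows why a plain grep misleads: the commented-out line and the setting inside a Match block do not disable passwords globally. Match blocks are not evaluated here; `sshd -T` prints the configuration the running binary would actually use.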