Installing fail2ban on publicly accessible servers is probably a Good Thing as well, and would have saved someone some headaches.
Afaik, though, you have to compile fail2ban for sles9. All others just a apt-get install fail2ban or yum install fail2ban away. Ideally you have alternate ports or port knocking for ssh, but sometimes it isn't possible when you to access the box from behind a firewall. P.S. Keeping old unsupported distros running for sentimental and uptime reasons is.... silly. /me ಠ_ಠ On Mon, Dec 20, 2010 at 10:51 PM, Harisfazillah Jamel < [email protected]> wrote: > Team, > > Found this > > > http://www.linuxquestions.org/questions/linux-security-4/server-infected-with-scanssh-pscan2-sshf-823263/ > > and more sites that I should share with everybody > > > http://sites.google.com/site/zenarstudio/home/kb/linux---howto---investigate-a-linux-compromise > > > http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html > > That all for now.... > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 >
_______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
