This is a bit off topic, but I am betting someone can offer some advice. My newly installed servers for my first ofbiz installation are getting hammered with SSH login requests and probably others I do not know about. I need to expose SSH on at least one to allow me to manage the servers remotely. I am also concerned that someone will eventually guess the password to one of the ofbiz accounts (I am getting one login request every 10 seconds). I am also concerned about the bandwidth being consumed by these pirates.
I am considering requiring ssl certificates to any who want to use SSH or https to the backoffice apps, but can't find any good books on the topic. Can anyone offer any advice on a direction or in particular, a good book on the topic. I am configured with an apache server fronting an ofbiz server, with the ofbiz server having NAT internet access for address lookups and freight charge lookups. The apache/mail server is the one currently getting hammered. I have temporarily shut down apache and ssh till I get the issue resolved. Skip No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.21.4/1313 - Release Date: 3/5/2008 9:50 AM
