Thanks Vince I have a firewall, but not the best and the apache server is on the dmz. Can't figure out (if it is possible) to blacklist IPs on the dmz.
This is a fairly sophisticated operation with money to spend on security appliances. Skip -----Original Message----- From: Vince M. Clark [mailto:[EMAIL PROTECTED] Sent: Friday, March 07, 2008 1:00 PM To: [email protected] Subject: Re: Server Security I'm no network guru, but here are some ideas. 1) Fairly cheap and easy solution - If you have a spare server on your network, or if you have one virtualized and can create a virtual server for ssh access from the outside, then you could restrict ssh on your OfBiz server to only accept connections from internal IP's. So from the outside you would connect to your dedicated ssh box and then ssh from there to your OfBiz server. 2) A bit more sophisticated solution - I think a good firewall will have some penetration detection capabilities. So for example, you could configure your firewall to blacklist IP's after a certain number of attempts to connect to your server over ssh. If a firewall can't do this I'm sure there are other network appliances or software you could install on the server to perform intrusion detection. ----- Original Message ----- From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: [email protected], "Jacques Le Roux" <[EMAIL PROTECTED]> Sent: Friday, March 7, 2008 1:55:02 PM (GMT-0700) America/Denver Subject: Server Security This is a bit off topic, but I am betting someone can offer some advice. My newly installed servers for my first ofbiz installation are getting hammered with SSH login requests and probably others I do not know about. I need to expose SSH on at least one to allow me to manage the servers remotely. I am also concerned that someone will eventually guess the password to one of the ofbiz accounts (I am getting one login request every 10 seconds). I am also concerned about the bandwidth being consumed by these pirates. I am considering requiring ssl certificates to any who want to use SSH or https to the backoffice apps, but can't find any good books on the topic. Can anyone offer any advice on a direction or in particular, a good book on the topic. I am configured with an apache server fronting an ofbiz server, with the ofbiz server having NAT internet access for address lookups and freight charge lookups. The apache/mail server is the one currently getting hammered. I have temporarily shut down apache and ssh till I get the issue resolved. Skip No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.21.4/1313 - Release Date: 3/5/2008 9:50 AM No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.21.4/1313 - Release Date: 3/5/2008 9:50 AM No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.21.4/1313 - Release Date: 3/5/2008 9:50 AM
