Results 1 to 3 of 3

Thread: How to stop centos hack attempts

  1. #1
    Join Date
    May 2009
    Posts
    24

    How to stop centos hack attempts

    I am running a secure site form a web server. As a web developer, recently I notice some unexpected behavior in websites. My URL has extra long hashes and quotes. There are multiple attempts in the secure log thing. I believe that some one is hacking my server. Can any security person help to give a brief idea about how to avoid centos hacking attempts. How can I track weather my server is monitored by any spyware. Urgent Help needed.

  2. #2
    Join Date
    Apr 2008
    Posts
    3,339

    Re: How to stop centos hack attempts

    One thing I can suggest you if you feel that you are under attack. Use php to add iptables rules to block such unwanted connections. As you had noticed the attempts I believe from now onwards you will need to monitor you system regularly. The attempts in log means that some application is trying to steal your password and gain access. The automated programs are easily spot by a server which creates a log entry. To stop this attacks create a script that open and parses your secure log. Now look out for those entries and add rule to iptables script to block the ip's associated with them. These scripts can be easily modified and you add more ip's for security.

  3. #3
    Join Date
    Jan 2006
    Posts
    4,221

    Re: How to stop centos hack attempts

    I use DenyHosts service to make my server more secure. It is an powerful and efficient tools which block unwanted incoming. DenyHosts is a system which monitor your sever for hacking attempts on the SSH Daemon. As you log shows you a log of failed attempt to access your sever. DenyHosts track those ip's and block them forever. You get deny host form the website - denyhosts.sourceforge.net . Go on this website get DenyHosts and configure it to protect you server. It will only allow your genuine user authenticated by you. Other incoming are blocked. The installation is very simple after downloading the file do this :
    • First decompress the archive file in the place where you want to install. Normally the default directory is /usr/share/denyhosts
    • eg.
      PHP Code:
      mv denyhosts.cfg-dist denyhosts.cfg 
    • Make a clean copy of default config
    • eg.
      PHP Code:
      cp denyhosts.cfg denyhosts.cfg.bk 
    • Now configure it properly as per you needs.

Similar Threads

  1. Replies: 5
    Last Post: 06-05-2011, 10:30 AM
  2. how to upgrade from CentOS 5.5 to centos 5.6
    By manhat in forum Operating Systems
    Replies: 6
    Last Post: 02-05-2011, 04:20 PM
  3. not seeing invalid login attempts in event log
    By OmJaa in forum Active Directory
    Replies: 2
    Last Post: 27-02-2009, 06:52 PM
  4. Lots of 529 failed logon attempts
    By sevaanan in forum Windows Security
    Replies: 1
    Last Post: 22-12-2008, 06:17 PM
  5. Maximum password attempts
    By geekboy in forum Tips & Tweaks
    Replies: 4
    Last Post: 01-08-2008, 06:23 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,711,760.76105 seconds with 17 queries