World's Longest Thread

[Chris Vogel]

waste of time? how else would we know where the Undisclosed location mentioned so frequently is?

I’m angered, nervous, and honored that my server is the target of brute force:

[…]
Jun 18 06:26:50 chrisvogel sshd[27530]: Invalid user party from xx.xxx.xxx.xxx
Jun 18 06:26:50 chrisvogel sshd[27530]: pam_unix(sshd:auth): check pass; user unknown
Jun 18 06:26:50 chrisvogel sshd[27530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xx.xxx.xxx.xxx
Jun 18 06:26:52 chrisvogel sshd[27530]: Failed password for invalid user party from xx.xxx.xxx.xxx port 38844 ssh2
[…]

I neglected to mention that I switched to Linode, a VPS provider. VPS in any form is beyond excessive, of course, but I enjoy configuring and maintaining (and breaking) everything myself.

Archived topic from Anythingforums, old topic ID:4, old post ID:66184

[Gubs]

Was talking to a friend, we were going over all the cool stuff that happens in Canada. Point being that near the end of that conversation we just said "lets just move to Canada". Then we were seriously thinking about it..

Archived topic from Anythingforums, old topic ID:4, old post ID:66216

[Red Squirrel]

waste of time? how else would we know where the Undisclosed location mentioned so frequently is?

I’m angered, nervous, and honored that my server is the target of brute force:

[…]
Jun 18 06:26:50 chrisvogel sshd[27530]: Invalid user party from xx.xxx.xxx.xxx
Jun 18 06:26:50 chrisvogel sshd[27530]: pam_unix(sshd:auth): check pass; user unknown
Jun 18 06:26:50 chrisvogel sshd[27530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xx.xxx.xxx.xxx
Jun 18 06:26:52 chrisvogel sshd[27530]: Failed password for invalid user party from xx.xxx.xxx.xxx port 38844 ssh2
[…]

I neglected to mention that I switched to Linode, a VPS provider. VPS in any form is beyond excessive, of course, but I enjoy configuring and maintaining (and breaking) everything myself.

I don't understand why ssh (or any other server app) does not have built in brute force detection. Ex: same IP fails 3 times, lock them out for 5 minutes. They fail again after that, lock them out for an hour. They fail again after that, 24 hours and so on. There is a program called fail2ban that checks logs and does this though.

Also, switch to a non standard port, at least most bots wont bother checking the other ports so you'll save a few GB of bandwidth per month.

Archived topic from Anythingforums, old topic ID:4, old post ID:66217

[Clueless]

so me and my boyfriend toiletpapered our youth leaders car the other night and now we're pretty much in for it. he keeps telling us he has a video camera and that revenge is sweet. hehe it was fun tho. we had chalk so i wrote "your mother was a hamster and your father smelt of elderberries!" in his driveway

Archived topic from Anythingforums, old topic ID:4, old post ID:66219

[Chris Vogel]

I don't understand why ssh (or any other server app) does not have built in brute force detection.

I think it’s more efficient and less error-prone to have a firewall do that than having every application waste time with their own implementation. I’ve set up iptables to limit SSH attempts to three per minute per IP address, which has gotten daily attempts down to the single digits – five in the last two days versus a daily average of 230.

There is a program called fail2ban that checks logs and does this though.

There are several scripts like that, but I suspect the resources spent on checking the logs outweigh the resources wasted by the SSH attempts. (I’m not actually concerned about them breaking in.)

Also, switch to a non standard port, at least most bots wont bother checking the other ports so you'll save a few GB of bandwidth per month.

I was debating that when I set up SSH; I just didn’t want to remember the little colon.

Archived topic from Anythingforums, old topic ID:4, old post ID:66221

[Red Squirrel]

What do you use to detect the attempts? iptables can block them, but you still need something to detect them then set the ip block.

I run my ssh on weird port, like 34. OR if you really want to mess up people run it on port 143 then run https on port 22.

Archived topic from Anythingforums, old topic ID:4, old post ID:66225

[Chris Vogel]

What do you use to detect the attempts?  iptables can block them, but you still need something to detect them then set the ip block.

iptables monitors the traffic on port 22 and throttles the attempts with ipt_recent.

I also manually grep /var/log/auth.log and other logs on a daily basis to see what’s going on. (I’ve been using Linux exclusively for two years and just now realized the beauty of grep.)

I run my ssh on weird port, like 34.  OR if you really want to mess up people run it on port 143 then run https on port 22.

Switching to a nonstandard port will probably be my next step, but I don’t mind the current number of attempts. (I will change the 60-second timeout to something longer though.)

Archived topic from Anythingforums, old topic ID:4, old post ID:66227

[Red Squirrel]

Cool had no idea iptables could look at packets at that level, considering in the case of ssh it would even have to decrypt it so it knows what is happening (ex: user trying to log in and failing)

I had a fun idea actually, think I'm going to do this. Code a server app that listens on a bunch of random ports, if if it detects any connections to those ports it just blocks that IP. Unless advertised somewhere there is no reason for someone to connect to those ports. So port scanners would hit those up then just block themselves.

Win.

Archived topic from Anythingforums, old topic ID:4, old post ID:66228

[Chris Vogel]

Cool had no idea iptables could look at packets at that level, considering in the case of ssh it would even have to decrypt it so it knows what is happening (ex: user trying to log in and failing)

I don’t think iptables does that, because it’s also limiting me to three authenticated sessions per minute. (I’ve logged in and then back out of three sessions one at a time as well as all at once, and I couldn’t create a fourth one in either case.)

My understanding of TCP is sketchy, but I think iptables just counts connections. Attackers would have their connections immediately terminated upon presenting the wrong credentials, so they would have to open another connection. My authenticated connection, on the other hand, would stay opened until I decided to log out, which is typically several minutes after opening it. I don’t think iptables can actually read the data, but it can monitor the connections.

I should put this rule on port 80.

Archived topic from Anythingforums, old topic ID:4, old post ID:66233

[Chris Vogel]

Falling…out…of…my…chair!

Barack Obama is a DEVOUT CHRISTIAN. His favorite book is the BIBLE, which he has memorized. His name means HE WHO LOVES JESUS in the ancient language of Aramaic, which is the language JESUS SPOKE before he learned English. He is PROUD that Jesus was an American.

Archived topic from Anythingforums, old topic ID:4, old post ID:66236

[Cisco_Kid]

Falling…out…of…my…chair!

Barack Obama is a DEVOUT CHRISTIAN. His favorite book is the BIBLE, which he has memorized. His name means HE WHO LOVES JESUS in the ancient language of Aramaic, which is the language JESUS SPOKE before he learned English. He is PROUD that Jesus was an American.

that is great comedy. What form of english was there 2000 years ago, or is my knowledge of linguistics that off?


Listening to Roy Roger's pitch Post cereal on a 1951 broadcast of his radio show and the show such as it is, interesting....Dale and Roy are closer to the Lone Ranger than Gunsmoke. edit2: which was the obvious expectations.

Archived topic from Anythingforums, old topic ID:4, old post ID:66237

[Chris Vogel]

It’s Friday night, and I’m the only one here.

Archived topic from Anythingforums, old topic ID:4, old post ID:66238

[Gubs]

I'm here as well just browsing the web looking for cars.

Archived topic from Anythingforums, old topic ID:4, old post ID:66239

[Red Squirrel]

LOL Jesus was American? Did America even EXIST then? lmao.

Archived topic from Anythingforums, old topic ID:4, old post ID:66240

[Chris Vogel]

I remember the name Jesús being banned when we picked our Spanish names in Spanish class. I wanted to be Rafael anyway.

Archived topic from Anythingforums, old topic ID:4, old post ID:66243

[Gubs]

I think I picked Pablo back in middle school.

I also just finished watching Crank. Wow.. what a waste of time. Jason Statham is a really good actor, but, he keeps getting in these crappy movies with stupid directors and producers.

Archived topic from Anythingforums, old topic ID:4, old post ID:66244

[Chris Vogel]

I also just finished watching Crank. Wow.. what a waste of time. Jason Statham is a really good actor, but, he keeps getting in these crappy movies with stupid directors and producers.

So I take it you’re watching the sequel?

Chelios faces a Chinese mobster who has stolen his nearly indestructible heart and replaced it with a battery-powered ticker that requires regular jolts of electricity to keep working.

I recently rediscovered a movie I used to watch as a kid: East–West. I wonder if I would still like it.

Archived topic from Anythingforums, old topic ID:4, old post ID:66245

[Gubs]

I also just finished watching Crank. Wow.. what a waste of time. Jason Statham is a really good actor, but, he keeps getting in these crappy movies with stupid directors and producers.

So I take it you’re watching the sequel?

@^*&! #&^!@ #^!% (O@* !^... f**#
And its directed by the same two as Crank. I was afraid this was going to happen.. when he bounces off the car and falls near a camera, he blinks.
Course he had about 45 seconds of free fall time to leave a message for Amy after he fell out of a chopper before he bounced off a car and landed about 30-40 feet away from it.
The plot was good, the directing was crap. Jason's acting was awesome, and then there is Amy Smarts character, (I hope shes not really like that outside of acting) with her character its no wonder why most people usually think blonds are..... eh I won't finish that sentence.


Archived topic from Anythingforums, old topic ID:4, old post ID:66246

[manadren]

I kinda liked Crank. It was horribly stupid, but in a fun way. Not exactly a masterpiece, but very popcorn.

Archived topic from Anythingforums, old topic ID:4, old post ID:66247

[Clueless]

yay! my ACT score finally came and i got a 30!

Archived topic from Anythingforums, old topic ID:4, old post ID:66250

[Chris Vogel]

yay! my ACT score finally came and i got a 30!

Congratulations! What was your highest subscore?

Archived topic from Anythingforums, old topic ID:4, old post ID:66252

[Cisco_Kid]

yay! my ACT score finally came and i got a 30!

too lazy to google or investigate otherwise - what is the range of scores on a ACT test? Is that test something like the SAT (I remember that goes to 1200)? Never took either one of those back in my high school days if memory serves.

Archived topic from Anythingforums, old topic ID:4, old post ID:66255

[Red Squirrel]

I took the easy way out in school when it came to acting class. I did the lightning, aka button pusher.

Archived topic from Anythingforums, old topic ID:4, old post ID:66256

[Chris Vogel]

too lazy to google or investigate otherwise - what is the range of scores on a ACT test?

36. According to ACT, the average 2007 composite score was 21.2.

I took the ACT once. You couldn’t pay me enough to take it the number of times my friends did.

Archived topic from Anythingforums, old topic ID:4, old post ID:66257

[manadren]

I never took the ACT. Mind you I did take the PSAT, SAT and one of the SAT II tests.

Archived topic from Anythingforums, old topic ID:4, old post ID:66258