Security - blocking Korean IP ranges

Events happening in the community are now at Drupal community events on www.drupal.org.
Posted by barwonhack on November 1, 2011 at 1:01am

Just wondering is there is any specific approach to (additional) server security for Debian Squeeze BOA?

I want to block specific country IP ranges (eg: Nth Korean origin of root SSH log in attempt).

Additionally, any specific advice on non-BOA Debian installation and configuration options?

In addition to blocking certain country IP ranges that simply are not within my target audience, I am also looking at installing fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page) for more dynamic protection.

I figure this is best applied at the system level and that site-specific controls may then be applied at nginx and drupal levels.

Categories: ,

Comments

change ssh port and disable pw login for ssh

Posted by hafnius (not verified) on November 5, 2011 at 2:41pm
hafnius's picture

If you havent done so already i recommend disabling ssh password login and using ssh keys instead. Further its a good idea to change the port that ssh listens on to something else, eg 55678. In my world that removes the need to block a specific country range. Hope this helps

You don't need any extra

Posted by memtkmcc on November 20, 2011 at 9:26am

You don't need any extra firewall if you already installed csf/lfd (by default coming with Barracuda). You can easily block IPs or subnets it the config file /etc/csf/csf.deny (see how-to in comments there) and then restart the firewall with service csf restart.

BOA

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /