[Solved] Pine64 Crashes
#11
(01-31-2017, 05:24 AM)Luke Wrote:
(01-31-2017, 12:29 AM)dedseason Wrote: Might be a little early, but disabling public SSH access definitely helped. Uptime increased from 1 day to 3 days and counting.

There you go. Also, I saw that a recent update to transmission daemon has solved the issue on that end. 

I will set up a 512mb board, open up port 22, log everything, and wait for it to die. I will share the log here and have smart ppl like pferrick and Xalius take a look at it.

Whatever your port is, add these iptables rules to your server to make sure that the invalid SSH password attempts (more than three) block the IP address:


sudo iptables -I INPUT -p tcp --dport 5789 -i eth0 -m state --state NEW -m recent --set

sudo iptables -I INPUT -p tcp --dport 5789 -i eth0 -m state --state NEW -m recent --update --seconds 90 --hitcount 3 -j DROP


What happens is fantastic against the botnet. Updates every 90 seconds... more than hitcount 3, if not valid then the IP address is blocked. In order for the botnet to try on that port again, they have to switch up IP addresses, and that takes time. And your rules are all ready for them... because the next attempt will block THAT address too, and so forth.

Set your ssh port to something above 5000 that only you know... and change it from time to time.

Never expose port 22 on your server to the outside; it's just not worth it.
marcushh777

please join us for a chat @  irc.pine64.xyz:6667   or ssl  irc.pine64.xyz:6697

( I regret that I am not able to respond to personal messages;  let's meet on irc! )
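As an added illustration (not code from the thread), this Python model replays constructed connection timestamps through the two rules quoted above to show what they count: NEW TCP connections per source address, at most three per 90 seconds, with each dropped attempt refreshing the window. The class and function names and the sample addresses are assumptions, and the model simplifies the kernel's xt_recent behaviour.

```python
from collections import defaultdict

SECONDS = 90      # --seconds 90 from the post
HITCOUNT = 3      # --hitcount 3 from the post
MAX_STAMPS = 20   # xt_recent default ip_pkt_list_tot (timestamps kept per address)


class RecentList:
    """Simplified model (assumption) of the default xt_recent list both rules share."""

    def __init__(self):
        self.stamps = defaultdict(list)   # source IP -> timestamps of NEW connections

    def _record(self, src, now):
        self.stamps[src] = (self.stamps[src] + [now])[-MAX_STAMPS:]

    def new_connection(self, src, now):
        """Return 'DROP' or 'PASS' for one NEW connection to the SSH port."""
        # -I inserts at the head of INPUT, so the second command in the post
        # (--update --seconds 90 --hitcount 3 -j DROP) is evaluated first.
        recent = [t for t in self.stamps.get(src, []) if now - t <= SECONDS]
        if len(recent) >= HITCOUNT:
            self._record(src, now)        # --update refreshes the entry on a match
            return "DROP"
        # The --set rule records the address; the packet continues down the chain.
        self._record(src, now)
        return "PASS"


def replay(events):
    """events: iterable of (seconds, source_ip). Returns (seconds, ip, verdict) tuples."""
    fw = RecentList()
    return [(t, src, fw.new_connection(src, t)) for t, src in events]


# Constructed sample traffic: a scanner retrying, and an admin logging in twice.
SAMPLE = [(0, "203.0.113.7"), (10, "203.0.113.7"), (20, "203.0.113.7"),
          (30, "203.0.113.7"), (40, "203.0.113.7"), (45, "198.51.100.2"),
          (100, "203.0.113.7"), (131, "203.0.113.7"), (300, "198.51.100.2")]

if __name__ == "__main__":
    for t, src, verdict in replay(SAMPLE):
        print(f"t={t:>3}s  {src:<13} {verdict}")
```

Because the counter tracks connections rather than failed logins, a legitimate client that opens a fourth session within 90 seconds is dropped as well.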
#12
(01-31-2017, 07:30 AM)MarkHaysHarris777 Wrote:
(01-31-2017, 05:24 AM)Luke Wrote:
(01-31-2017, 12:29 AM)dedseason Wrote: Might be a little early, but disabling public SSH access definitely helped. Uptime increased from 1 day to 3 days and counting.

There you go. Also, I saw that a recent update to transmission daemon has solved the issue on that end. 

I will set up a 512mb board, open up port 22, log everything, and wait for it to die. I will share the log here and have smart ppl like pferrick and Xalius take a look at it.

Whatever your port is, add these iptables rules to your server to make sure that the invalid SSH password attempts (more than three) block the IP address:


sudo iptables -I INPUT -p tcp --dport 5789 -i eth0 -m state --state NEW -m recent --set

sudo iptables -I INPUT -p tcp --dport 5789 -i eth0 -m state --state NEW -m recent --update --seconds 90 --hitcount 3 -j DROP


What happens is fantastic against the botnet. Updates every 90 seconds... more than hitcount 3, if not valid then the IP address is blocked. In order for the botnet to try on that port again, they have to switch up IP addresses, and that takes time. And your rules are all ready for them... because the next attempt will block THAT address too, and so forth.

Set your ssh port to something above 5000 that only you know... and change it from time to time.

Never expose port 22 on your server to the outside; it's just not worth it.

Thanks for the advice. Going to try that after a week or two of uptime.

I was using fail2ban for this purpose, but my ban was only 10 minutes and I would keep getting hammered. And yeah, exposing 22 (and not a custom port) to the public was a mistake :)