Warning about using Webmin (port 10000)

[jamesyeeoc]

For those of you out there who have decided to use Webmin on your Plesk server, be advised that several of my honey pot servers have (the last couple of days) been showing signs of dictionary and brute force password attacks happening.

So if you have not already done so (and I *know* you're out there), you should make sure the interface is only accessible from your IP instead of from all/any IPs....

Make sure (obviously) that you have a *strong* password.

Maybe change the default port from 10000 to some other port.

I just love seeing what they try to do when they find a (sacrificial) server which looks exploitable or hackable..... rofl

...and all they're doing is giving me logs full of their IP addresses to report....

 

[sieb@]

This happens nightly to my ssh and ftp ports, all they accomplish is filling my logs with denied entries.. ug..

 

[jamesyeeoc]

Yeah, I figured those occur all the time, so I don't worry about that, but it's not often I see anyone latch onto port 10000 and try to break a password (not as commonly anyways).

You aren't still running your SSH on the default port are you? (if you are, then shame on you!)

 

[fgilain]

how could i change the default port for SSH ?

 

[jamesyeeoc]

Edit the /etc/ssh/ssh_conf file (or wherever it is on your particular server) and change the Port line to a different number, then restart the sshd service

 

[atomicturtle]

I run mine on the default port, since finding SSH on another port is trivial. A more robust solution would be to use RSA/DSA public key authentication. Then you can disable password authentication completely, so they can try and brute force the port until the cows come home, it would never work.