some_guy@lemmy.sdf.org to Technology@lemmy.world · 1 year agoI use Zip Bombs to Protect my Serveridiallo.comexternal-linkmessage-square104linkfedilinkarrow-up1581arrow-down115file-text
arrow-up1566arrow-down1external-linkI use Zip Bombs to Protect my Serveridiallo.comsome_guy@lemmy.sdf.org to Technology@lemmy.world · 1 year agomessage-square104linkfedilinkfile-text
minus-squareairgapped@piefed.sociallinkfedilinkEnglisharrow-up13·1 year agoSetting a random SSH port and limiting it to 3/min saw failed login attempts fall by 99% and jailed IPs fall to 0.
minus-squareWFloyd@lemmy.worldlinkfedilinkEnglisharrow-up4·1 year agoI’ve found great success using a hardened ssh config with a limited set of supported Cyphers/MACs/KexAlgorithms. Nothing ever gets far enough to even trigger fail2ban. Then of course it’s key only login from there.
Setting a random SSH port and limiting it to 3/min saw failed login attempts fall by 99% and jailed IPs fall to 0.
I’ve found great success using a hardened ssh config with a limited set of supported
Cyphers/MACs/KexAlgorithms. Nothing ever gets far enough to even triggerfail2ban. Then of course it’s key only login from there.