OT: SSH RSA Keys, I keep getting hacked, help me figure out keys Options

[bd1308]

(IMG:style_emoticons/default/fyou1.gif)

Today for the fourty millionth time I get a email saying that somone tried a brute force attack on my linux server, and when i checked, sure enough I had a trojan installed.

I'm *REAL* fed up with this. Like up to here (hand above head)

I want to lock down my box, nobody on the IRC wants to talk...

I made these keys but I honestly dont know how to make this work.

I'm literally stumped. I'll try playing around some more.

b

[yeahmag]

SSH keys won't help you from a brute force attack. Good passwords, updates/patches, and iptables will though. That being said, here is a good write up on them:

http://pkeck.myweb.uga.edu/ssh/

-Aaron

[bd1308]

Yeah I need a mail server fairly quickly.

b

[Rand]

Hey Britt, have you heard what Google is doing with hosted mail? I'm not talking Gmail, I'm talking a beta program they have for domain-based email. I got an invite from them and am evaluating it.

I manage Exchange mail servers for most of my larger clients and am not looking to move away from that for serious business accounts, but this new Google thing is worth looking at. They manage the mail server completely, but the accounts are all at YOUR domain. Do some searching on it. If you're interested, I'll try and help you get an invite to the program.

[bd1308]

That woudl be awesome


Ive had it with Linode.

I love linux, but they just screwed up big. Let me know what you come up with.

Here I am thinking my passwords suck and its MY fault that im getting hacked only after a couple of days, and come to find out its Linode's fault.

Please let me know.

b

[Rand]

Start HERE. Let me know if you hit a dead end accompanied with verbage about needing an invitation.

[SirAndy]

Today for the fourty millionth time I get a email saying that somone tried a brute force attack on my linux server, and when i checked, sure enough I had a trojan installed.

get a windows box! (IMG:style_emoticons/default/av-943.gif)

haha, oh man, i've been waiting to say that ... (IMG:style_emoticons/default/biggrin.gif)

hail to the OS without hackers and viruses! or not ... (IMG:style_emoticons/default/owned.gif)


will people ever realize that the amount of viruses and hack-attacks is directly proportional to the exposure/marketshare of the targeted OS?
(IMG:style_emoticons/default/cool_shades.gif) Andy

[bd1308]

OK im in, I have to make a MX record pointing where?

[Rand]

OK im in, I have to make a MX record pointing where?

They should send you an email that explains how to log in to the control panel, configure the DNS/MX records, etc.

[bd1308]

Andy I own stock in MS,

I still will never own a MS box, I have my reasons.

The issue with MANAGED HOSTING and VIRTUAL HOSTING, is that security issues with one sector of a server messes with another, so I could be getting attacks from inside of the data center.

I dont want to go into why I like Linux, I just think MS could be doing a better job.

Did you catch the patch for the patch for the problem MS released recently?

Its like those damn service stations, go in for a check engine light and come out needing a O2 sensor replaced, and then coming back out needing the MAP sensor replaced

This isnt an issue of OS.


Honestly im not pissed, I lost about ten customers I had saved in my email with contact info, so figure about 700 bucks tubed.

Andy I dont wish to make this an issue of 'which OS is better'

I'd rather just stick to solving problems.

And Andy, if teh software writers FOLLOWED MICROSOFT GUIDELINES when writing software, there would be VERY LITTLE security holes to patch.

But to be cheap, people cut corners and such, bc time is money....

With linux its more of a labor of love, unless you go with paid distributions....


b

[bd1308]

Crap that assumes I have email functioning


(IMG:style_emoticons/default/sad.gif)

[Rand]

I think you can answer this debate by tabulating the results of who uses Linux and who uses Microsoft solutions. Maybe I'm bubble boy, but in my circles, the big time companies use Microsoft solutions many many more times than *nux. Don't get me wrong, I appreciate what Linux is about. But in the serious business world, Microsoft squishes Xnix, Xnux, etc.. Because of that, they are a huge target.

Where the Kumhos really meet the tarmac is at the ADMINS. If they are on top of their game, they can head off most of the crap because of their educated and proactive efforts. One camp has a huge team of open source genuises working on their stuff. Another has a multi-billion-dollar corporation working on theirs. Backing helps, but admins make the difference.

[bd1308]

Andy, I do have to admit something though. I wished that Microsoft would crack down on people writing dumbass code for thier OS.

The only thing the GPL has going for them is various levels of support and depending on the writer's or developer's level of rule-following, the program is placed into different catagories

STABLE = current
TESTING
NON-FREE = doesnt follow GPL
UNIVERSE = anything goes...


b

[Chris Hamilton]

I think you can answer this debate by tabulating the results of who uses Linux and who uses Microsoft solutions. Maybe I'm bubble boy, but in my circles, the big time companies use Microsoft solutions many many more times than Linux. Don't get me wrong, I appreciate what Linux is about. But in the serious business world, Microsoft squishes Xnix, Xnux, etc.. Because of that, they are a huge target. But the admins that are on top of their game don't have the problems because the solutions are prompt. Again because it's expected and backed by a multi-billion dollar corp. Not because some team of open source guys are working on it. What world are you in?

Then again we do have small-time companies like yahoo and google using *nix.

[Rand]

You're right. I guess I'm looking at the overall averages. I really should have thought better before posting anything that suggested one company/technology was superior.

At any rate, props to all the really good IT managers, of all camps! That's the true fulcrum.

I wonder how many of them drive a 914? (Thus revealing their true character and intelligence. Umm, is that good?)

(IMG:style_emoticons/default/laugh.gif) (IMG:style_emoticons/default/smilie_pokal.gif)

[bd1308]

Im not getting involved.

It all comes down to writing GOOD SOFWARE to work with GOOD operating systems.

MS has the issue of cheap bastard companies writing software, they dont care anything about security so holes are left opened, and its up to MS to patch them.

Check out GRC.com

b

[yeahmag]

I've been running RHEL for years now and following good practices - simple things; good passwords, nightly updates, sane iptables, I have yet to have any machine I manage be compromised.

The only time we are compromised is through weak passwords, a break down in the patching system (like a full disk), or through *user error*. Most of these problems can rather easily be addressed.

Linux is fine. As with any operating system you have to think it through and follow recommended practices. I truely don't see how anyone that's not an SA can keep a box on the net these days. It's bad out there.

I'd be glad to help in anyway I can.

-Aaron

[bd1308]

I manage several computers remotely, and if they stay offline for the most part, my job is easy.

But others.....

(IMG:style_emoticons/default/fyou1.gif)

[bd1308]

the face is saying MA MORE

[SirAndy]

Andy I dont wish to make this an issue of 'which OS is better'

i guess the point i was trying to make was lost on you ...
please re-read my previous post.

to put it in simple words, there is no such thing as a "better" OS. different, yes. better, no. they *all* have their good parts and their not so good parts.

like i said, the amount of "outside" crap you have to deal with is directly proportional to the marketshare of the OS and has nothing to do with quality (or lack of) ...

if you're a hacker, would you go trough all the trouble and time (and the possiblity of a lot of jail-time) to write a virus for a OS that no-one uses?
probably not ...

and anybody who says that Mac's don't crash obviously has never used his even close to it's potential.
but at least the little bomb with the lit fuse was more creative than the blue screen of death on windows.
and as any good unix sys-admin can assure you, those very long overnight hours weren't just spent watching that box run smoothly either ...

(IMG:style_emoticons/default/bye1.gif) Andy <-- who's sitting in front of a WinXP box browsing the clubsite, WinSCP3ing and VNC'd into a linux box across the room compiling some c-libraries and setting up a tomcat webservice while setting up a compaq win2000 server that's sitting on my desk while FTP-ing onto another win2000 server at the colo to do some software upgrades and VNC'd into a WinNT server at the colo to figure out a memory leak related to the PHP runtime and at the same time WinSCP3-ing to another Linux server in boise through a cisco VPN client ...