Security - blocking Korean IP ranges

Events happening in the community are now at Drupal community events on www.drupal.org.
barwonhack's picture

Just wondering is there is any specific approach to (additional) server security for Debian Squeeze BOA?

I want to block specific country IP ranges (eg: Nth Korean origin of root SSH log in attempt).

Additionally, any specific advice on non-BOA Debian installation and configuration options?

In addition to blocking certain country IP ranges that simply are not within my target audience, I am also looking at installing fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page) for more dynamic protection.

I figure this is best applied at the system level and that site-specific controls may then be applied at nginx and drupal levels.

Comments

change ssh port and disable pw login for ssh

hafnius's picture

If you havent done so already i recommend disabling ssh password login and using ssh keys instead. Further its a good idea to change the port that ssh listens on to something else, eg 55678. In my world that removes the need to block a specific country range. Hope this helps

You don't need any extra

memtkmcc's picture

You don't need any extra firewall if you already installed csf/lfd (by default coming with Barracuda). You can easily block IPs or subnets it the config file /etc/csf/csf.deny (see how-to in comments there) and then restart the firewall with service csf restart.

BOA

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: