On Sat, 2004-07-17 at 15:40, Jonathan T. Steadman wrote: > Sorry this is yet another lame question, but I am new to hosting web > server ect. just kinda experimenting actually found in my logs i came > across some garbage (its at the bottom of this email) what do you do > about this? Just let it be? inform ISP? wait and see if it is more > continuous? dont know the proper thing to do i guess just making sure > with you guys. > The first line of defense is usually an IPTables firewall. To help you get started, you might consider downloading webmin which creates a nice browser-based interface to configuration. Yes, others will suggest that this stifles the learning curve but protecting the machine is more important IMO. As a general rule of thumb, close of every port except those that you absolutely need. In this case, do you really need external ssh access? In general just set the default input policy to Drop and then create rules for ports that you want access to. The last line is usually a LOG entry so that you get a print of what you are rejecting. Our small network rejects about 3,000 connections per hour. Once you get that done, you might want to take a look at a package called psad which creates alerts.
