
Login attacks: how to avoid them?

Thread in 'Technical Matters' started by Rami, 9 Nov 2012.

  1. Rami

    Rami Active user

    Hello,

    It turns out I got hit with a burst of login attacks, 10 blocks every 1 minute, about 500 IPs blocked so far. I don't know whether someone wants to hack the personal server I have. Do you know how I can ease this, apart from having the firewall enabled? Not even on HospedRed are there so many blocks per minute, barely 2 or 3 per day.

  3. ideasmultiples

    ideasmultiples Active user

    Block the SSH port for everyone except yourself...

    :cool:
     
  4. Datacenter1

    Datacenter1 Active user

    There are only two attacks on the SSH service; the rest are on SMTP, so there is little that can be done unless you are willing to close the SMTP ports.

    CSF/LFD seem to be doing their job well. As for SSH, changing the port, disabling password login (key only) and restricting the IPs from which SSH login is allowed will minimize these attacks.
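The triage step in the reply above (sorting the blocks by targeted service before deciding what to harden) can be scripted. This is an added example, not part of the thread or of CSF/LFD; the sample entries are constructed in the lfd entry format the original post quoted, using documentation address ranges, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Entry shape: "<ip> # lfd: (<service>) <reason> from <ip> (<CC>/<country>/<rDNS>):
#               <hits> in the last <secs> secs - <timestamp>"
LFD_RE = re.compile(
    r"^(?P<ip>\S+) # lfd: \((?P<service>[^)]+)\) .*? from (?P=ip) "
    r"\((?P<cc>[A-Z]{2})/(?P<country>[^/]*)/(?P<rdns>[^)]*)\): "
    r"(?P<hits>\d+) in the last (?P<window>\d+) secs - (?P<when>.+)$"
)

# Constructed sample entries (documentation address ranges, not real hosts).
SAMPLE = """\
192.0.2.10 # lfd: (sshd) Failed SSH login from 192.0.2.10 (CN/China/-): 5 in the last 300 secs - Mon Nov 5 17:00:26 2012
198.51.100.7 # lfd: (smtpauth) Failed SMTP AUTH login from 198.51.100.7 (US/United States/mail.example.com): 5 in the last 300 secs - Thu Nov 8 22:50:09 2012
198.51.100.8 # lfd: (smtpauth) Failed SMTP AUTH login from 198.51.100.8 (ES/Spain/-): 5 in the last 300 secs - Thu Nov 8 22:50:14 2012
203.0.113.44 # lfd: (smtpauth) Failed SMTP AUTH login from 203.0.113.44 (US/United States/-): 5 in the last 300 secs - Thu Nov 8 22:50:19 2012
# a manual comment line that is not an lfd entry
"""

def parse_entries(text):
    """Return one dict per well-formed lfd entry; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LFD_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["hits"], e["window"] = int(e["hits"]), int(e["window"])
        e["when"] = datetime.strptime(e["when"], "%a %b %d %H:%M:%S %Y")
        entries.append(e)
    return entries

def summarize(entries):
    """Count blocks per service and country, and find the busiest minute."""
    per_minute = Counter(e["when"].replace(second=0) for e in entries)
    return {
        "by_service": dict(Counter(e["service"] for e in entries)),
        "by_country": dict(Counter(e["cc"] for e in entries)),
        "peak_per_minute": max(per_minute.values(), default=0),
    }

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE)))
```

A summary dominated by `smtpauth` points at the mail service rather than SSH, which is the distinction the reply draws.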
     
  5. cincinnati

    cincinnati Active user

    Try changing port 25 to 587 and port 22 to any other.
     
    FanHost likes this.
  6. Rami

    Rami Active user

    Well, I think it was solved.

    I changed the SSH ports, changed the IP authorization config, disabled SSH, changed the SMTP ports and increased SMTP security; problem solved. Besides doing this on my server, I also did it on the servers of my hosting.

    Thanks for your suggestions.
     
  7. digitalvalley

    digitalvalley Active user

    Intruder blocking

    There is a very cool little program, BFD, that blocks the IP of a user who makes invalid logins on the services you choose (pop3, smtp, ssh, ftp...). You can set the number of attempts to whatever number you want. That way you can minimize brute-force attacks.

    Every time a trigger fires, it puts the "attacker's" IP in the firewall. You can create whitelists and use the APF firewall integrated with BFD.

    Very useful to install on any VPS/dedicated server to avoid problems.

    Regards
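The blocking rule described in the post above (a configurable number of failed logins per service triggers a firewall block, with a whitelist exempt from it) is sketched below. This is an added example, not BFD's, lfd's or fail2ban's own code; the defaults of 5 failures in 300 seconds, the per-(IP, service) counting, the event tuples and all names are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed failed-login events: (epoch seconds, source IP, service).
SAMPLE_EVENTS = (
    [(t, "203.0.113.5", "smtpauth") for t in (0, 30, 60, 90, 120)]   # burst
    + [(t, "192.0.2.1", "sshd") for t in range(10, 70, 10)]          # admin host
    + [(5, "198.51.100.20", "pop3d"), (400, "198.51.100.20", "pop3d")]  # typos
)

def detect_bruteforce(events, threshold=5, window=300, allowlist=()):
    """Return (timestamp, ip, service) for each IP that should be blocked.

    An IP is blocked when it accumulates `threshold` failures against one
    service within `window` seconds. Allowlisted networks are never blocked.
    """
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    recent = defaultdict(deque)   # (ip, service) -> timestamps inside window
    blocked = set()
    decisions = []
    for ts, ip, service in sorted(events):
        addr = ipaddress.ip_address(ip)
        if ip in blocked or any(addr in net for net in allowed):
            continue
        q = recent[(ip, service)]
        q.append(ts)
        while ts - q[0] >= window:      # expire failures older than window
            q.popleft()
        if len(q) >= threshold:
            blocked.add(ip)             # a real tool would add a firewall rule
            decisions.append((ts, ip, service))
            del recent[(ip, service)]
    return decisions

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_EVENTS, allowlist=["192.0.2.0/24"]))
```

Running it without the allowlist also blocks the constructed admin host, which is why the post's advice to maintain whitelists matters before enabling automatic blocking.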
     
  8. nightduke

    nightduke Active user

    For SSH, try fail2ban
     
  9. tepublico

    tepublico New user

    Look where I find you XD
    Use "super passwords" and save yourself problems.

     

