View Full Version : hacker
Today someone tried to hack my private-home-server via SSH.
Now I placed his IP 61.218.130.20 in hosts.deny.
List:
61.x.x.x
222.x.x.x
221.x.x.x
220.x.x.x
and
64.95.221.x
Is that enough? Or do I need to restart something?
se.nsuo.us
01-28-2006, 02:56 PM
I presume you have a proper type firewall?
It is best to close everything (services) except what you really need, and that too only for a known set of IPs.
nephoto
01-28-2006, 03:56 PM
ya some dickhead hacked my comments on my blog the other night, just made it so that if anyone tried to leave one it would pop up a big red screen talking about how pp's html wasn't secure with a big smiley face. Also if you went to the comments section in the admin panel it would load it as well. I had to delete the image and then I updated from 1.4.2 to 1.4.3 so hopefully that helps.
Connie
01-28-2006, 04:23 PM
did you delete that comment in your database, using PHPadmin for example?
I presume you have a proper type firewall?
It is best to close everything (services) except what you really need, and that too only for a known set of IPs.
SSH is a normal service on my server. Is it the right way to use hosts.deny to block ip-ranges?
Try to move SSH to some other port than 22, and some port over 1024 ;)
se.nsuo.us
01-30-2006, 03:34 AM
SSH is a normal service on my server. Is it the right way to use hosts.deny to block ip-ranges?
No, the proper way is to use IPTables.
nephoto
01-30-2006, 05:15 AM
did you delete that comment in your database, using PHPadmin for example?
I had to use the admin panel to delete the image because if I opened the comments in the admin panel it loaded the hack. Afterwards I updated pp and put the image back up again.
The best solution is to use a patch which is available on the forum.
There are 2 more ways of handling it:
1) use some MySQL administration tool to delete or replace the comment's content (phpMyAdmin, MySQLAdministrator, ...)
2) turn off META redirections in the browser and do what you want with this comment (that is a feature of, e.g., Firefox with the webdeveloper plugin)
gna gna, I think two problems mixed up here :D
My hacker/server problem and the deface problem. But it is alright.
Port 1024 instead of 22 is no option. With a scanner you can just pick out the port. I need a system that blocks the IP for a while when you try several times with bad luck ;).
sentinel
01-30-2006, 12:48 PM
Concerning the SSH problem: use authentication with public/private keys and disable simple password authentication.
Moving SSH to e.g. 8543 will decrease the number of 'HaCkErS' attacks (attacks from the side of a child with a computer).
To prevent access to SSH after some number of failed logins you can use BFD (Brute Force Detection).
hdeloof
01-30-2006, 06:49 PM
My photoblog was also "commented" on by the hacker.....
Deleting the comment in the database with phpmyadmin fixed the problem.
Thanks for the info in this thread!
good night
Hans
photo.hansdeloof.be
subxtech
03-20-2006, 05:38 AM
Use Snort and ACID/Base. Perfect for what you are talking about doing for temp protection and watching port scanners and the like.
I use blockhosts 1.0.4 now and that works OK to block brute-ssh-attacks or brute-ftp-attacks.
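The kind of check the thread asks for (block an IP after several failed SSH logins, expressed as hosts.deny rules), as an added example that is not part of the original thread and is not code from blockhosts or BFD. The log line format, threshold, window, year, function names and the sample log (documentation-range addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH "Failed password" line as written via syslog (assumed format).
# The username part is greedy and the pattern is anchored at the end of the
# line, so a crafted username containing "from <ip> port N ssh2" cannot make
# the parser blame an address other than the real peer.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def offenders(lines, threshold=3, window=timedelta(minutes=10), year=2006):
    """Return IPs with >= threshold failed logins inside a sliding window.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    blocked = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:      # forget failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in blocked:
            blocked.append(m["ip"])
    return blocked

def hosts_deny_entries(ips):
    """Format offenders as TCP-wrappers rules for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """
Jan 28 14:00:01 home sshd[2101]: Failed password for root from 203.0.113.7 port 4022 ssh2
Jan 28 14:00:04 home sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 4030 ssh2
Jan 28 14:00:09 home sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 4041 ssh2
Jan 28 14:05:00 home sshd[2110]: Failed password for alice from 198.51.100.9 port 5100 ssh2
Jan 28 14:06:00 home sshd[2112]: Accepted password for alice from 198.51.100.9 port 5101 ssh2
Jan 28 14:07:00 home sshd[2120]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.50 port 6000 ssh2
"""

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(offenders(SAMPLE_LOG.splitlines()))))
```

Only the address with three failures inside ten minutes is listed; the single mistyped password from 198.51.100.9 and the spoofed address embedded in a username are not.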