hacker

[eon]

Today someone tried to hack my private-home-server via SSH.
Now I placed his IP 61.218.130.20 in hosts.deny.

List:
61.x.x.x
222.x.x.x
221.x.x.x
220.x.x.x
and
64.95.221.x

Is that enough? Or do I need to restart something?

[se.nsuo.us]

I presume you have a proper type firewall?

It is best to close everything (services) except what you really need and that too for known set of IPs

[nephoto]

ya some dickhead hacked my comments on my blog the other night, just made it so that if anyone tried to leave one it would pop up a big red screen talking about how pp's html wasn't secure with a big smiley face. Also if you went to the comments section in the admin panel it would load it as well. I had to delete the image and then I updated from 1.4.2 to 1.4.3 so hopefully that helps.

did you delete that comment in your database, using PHPadmin for example?

[eon]

Quote:

Originally Posted by se.nsuo.us

I presume you have a proper type firewall?

It is best to close everything (services) except what you really need and that too for known set of IPs

SSH is a normal service on my server. Is it the right way to use hosts.deny to block ip-ranges?

[GeoS+]

Try to move SSH to some other port then 22 and some over 1024

[se.nsuo.us]

Quote:

Originally Posted by eon

SSH is a normal service on my server. Is it the right way to use hosts.deny to block ip-ranges?

No the proper way is to use IPTables

[nephoto]

Quote:

Originally Posted by Connie

did you delete that comment in your database, using PHPadmin for example?

I had to use the admin panel to delete the image because if I opened the comments in the admin panel it loaded the hack. Afterwards I updated pp and put the image back up again.

[GeoS+]

The best solution is to use some patch which is available at forum.

There are 2 more ways of handling it:
1) use of some MySQL administration tools to delete or replace comment's content (phpMyAdmin, MySQLAdministrator, ...)
2) turn off META redirections in browser and do want you want with this comment (that is future of, i.e. FireFox with webdeveloper plugin)

[eon]

gna gna, I think two problems mixed up here
My hacker/server problem and the deface problem. But it is alright.

Port 1024 instand of 22 is no option. With a scanner you can just pickout the port. I need a system that blocks the ip for a while when you try for several times with badluck .