get ; 1. fail2ban - it blocks failed login ips etc 2. get shorewall or any iptables front end and restrict ips to the ranges u need ( or even specific ips) 3. run ssh on a nonstandard port 4. good, long password these steps will go a long way and will get u started. ----- Original Message ---- > From: Mag Gam <magawake@xxxxxxxxx> > To: CentOS mailing list <centos@xxxxxxxxxx> > Sent: Sunday, June 28, 2009 3:21:25 AM > Subject: server is always getting hacked > > WE have a centos 5.3 install, and our server is keep getting hacked. > We see load averages of 500+ and see people from all over the world > logging into our server (used last). > > Is there a good place to start to avoid these kinds of things? > > For example, here is what I already did. > > Open up sshd port only > setup iptables to only accept port 80 and 22 > No FTP > No other ports are allowed according to IP Tables. > > > I am not sure what else measures I can take. Can someone please assist? > > TIA > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos