I use iptables, but all my servers have public IPs, for we do telecommunications. If my firewall is down for any reason and I don't catch it, they will hack me. I don't know how they do it, for I have password authentication disabled, but they hack me and it's always via CentOS 7 machines.

But OpenSSH in CentOS 7 is so old that it cannot communicate with newer machines; they cannot agree on protocols and ciphers, etc. So I am trying to compile the latest OpenSSH on CentOS 7, but no libwrap support. The perfect storm.

They have been installing Bitcoin miners right and left. I think that they penetrate a single box that is left with password authentication =yes, and do a lateral infection. The only failsafe solution is to use hosts.allow. They can take down a power plant with this technique. To remove libwrap was a completely irresponsible move.

On Wed, Jun 23, 2021 at 12:19 PM Brian Candler <b.candler@xxxxxxxxx> wrote:

> On 23/06/2021 17:03, Saint Michael wrote:
> > I got hacked in 72 servers this week, they installed Bitcoin miners.
>
> Are you saying this happened through opensshd?
>
> What specifically was the cause: do you allow password authentication
> for example?
>
> You can control this by IP address with "Match" clauses in sshd_config.
> For example:
>
> PasswordAuthentication no
>
> Match Address 10.0.0.0/8,fc00::/7
>     PasswordAuthentication yes
>
> This will allow passwords only from the 10.0.0.0/8 and fc00::/7
> networks, forcing connections from the Internet to use a proper
> authentication mechanism (e.g. keys)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
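
An added example (not part of the original thread): a small Python check of which source addresses may use passwords under the `Match Address` fragment quoted above. The function names, the sample addresses and the `WEAK` variant are constructed for illustration; only a single `Match Address` criterion with CIDR or plain-address entries is modelled.

```python
import ipaddress

# Constructed inputs: the quoted fragment, then the same file minus the global "no".
HARDENED = """PasswordAuthentication no
Match Address 10.0.0.0/8,fc00::/7
    PasswordAuthentication yes
"""
WEAK = """Match Address 10.0.0.0/8,fc00::/7
    PasswordAuthentication yes
"""

def address_matches(client, pattern_list):
    """Match a client IP against a comma-separated list of CIDR blocks or plain
    addresses. A '!' entry that hits vetoes the match; wildcards are not modelled."""
    ip = ipaddress.ip_address(client)
    hit = False
    for entry in pattern_list.split(","):
        net = ipaddress.ip_network(entry.lstrip("!"))  # ValueError if malformed
        if ip.version == net.version and ip in net:
            if entry.startswith("!"):
                return False
            hit = True
    return hit

def effective_setting(config, keyword, client, default):
    """Value in force for `keyword` on a connection from `client`."""
    global_val = match_val = None
    in_match = active = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, arg = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            crit = arg.split()
            if len(crit) != 2 or crit[0].lower() != "address":
                raise ValueError("unsupported Match criteria: " + arg)
            in_match, active = True, address_matches(client, crit[1])
        elif key.lower() == keyword.lower():
            # First obtained value wins, in the global section and across Match blocks.
            if not in_match:
                global_val = global_val or arg
            elif active:
                match_val = match_val or arg
    return match_val or global_val or default

def password_auth_allowed(config, client):
    # "yes" is OpenSSH's documented default for PasswordAuthentication.
    return effective_setting(config, "PasswordAuthentication", client, "yes") == "yes"
```

With the global `PasswordAuthentication no` line missing, an Internet address falls through to the default of `yes`, which is the misconfiguration to check for on every host.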