One of my favorite movies of all time, and one which reveals I’ve been around for a long time, is the 1966 classic “The Russians Are Coming, the Russians Are Coming” with Carl Reiner, Jonathan Winters, and a few of the other World’s funniest people. Written near the apex of the Cold War, the movie tells the story of a U.S.S.R. submarine that runs aground near some bucolic beach somewhere off the coast of Massachusetts or Maine. Hilarity ensues as communists foraging for communications equipment run head-long into the local town folk.
One of my favorite scenes occurs just before the shore party departs from the stranded sub. Lieutenant Rozanov, played by Alan Arkin, is trying to teach the team just enough English to get the townspeople off the street without raising suspicion; as if their thick Slavic accents wouldn’t give it away as they parroted “Emergency, emergency, everyone to get from street.” What cracked me up as a 6-year-old, and even today, is one bit of ‘schtick‘ where Rozanov vainly attempts to get one crew member to stop pronouncing the warning as:
What do I mean by this? Every night, our Linux/Apache-based server runs several scans on the usage logs, emailing me when suspicious activities occur; such as failed logins to the server. Last night, Logwatch reported:
admin/password from 18.104.22.168: 16 Time(s)
admin/password from 22.214.171.124: 14 Time(s)
admin/password from 126.96.36.199: 12 Time(s)
guest/password from 188.8.131.52: 6 Time(s)
guest/password from 184.108.40.206: 4 Time(s)
guest/password from 220.127.116.11: 8 Time(s)
guest/password from 18.104.22.168: 7 Time(s)
guest/password from 22.214.171.124: 2 Time(s)
guest/password from 126.96.36.199: 6 Time(s)
root/password from 188.8.131.52: 18 Time(s)
root/password from 184.108.40.206: 12 Time(s)
root/password from 220.127.116.11: 24 Time(s)
… [snip] …
Obviously, someone is trying to gain access to the server with what is known as a “brute force” or “dictionary” attack. Think of it like a thief with a ring of skeleton keys, trying each one on my front door, then my side door, then my back door until they find one that fits. Only in my case the criminal tried each door several times, employing a different diguise (nationality) for each set of attacks.
Putting up Obstructions
This is why you should NEVER use an operating system’s default accounts; in fact, I suggest deleting accounts such as “guest” and “test” about 1 minute after you install your server software.
Moreover, you should NEVER, EVER, EVER allow console access (SSH or Telnet) to your system via your root account. Instead, set up an account that uses a non-sensical user name – that is a username that can’t be found in the Merriam-Webster’s Dictionary. After you armor this user/account with an even more random/non-sensical password, make it the only account that can access the super user account (SU) via an even more random and non-sensical password.
It may not make your server bullet-proof, but it is certainly is more secure against a dictionary attack than allowing direct shell access to your system with the username “root” and a password of “donuts.”
Barring the Door
Another thing you can do on your server is to deny any future attacks from known neer-do-wells by blocking any access from their IP address. This can be done in the Linux/Apache environment by modifying the file /etc/rc.d/rc.firewall to include the following directive:
There is a better description on how this can be accomplished in an article entitled “IPTables, blocking multiple ip addresses.”
You can also go one step further and block access from an entire range of IP addresses via the file /etc/hosts.deny:
As with anything Linux, adding these blocks to your existing security files can be automated, as demonstrated in the SecurityFocus.com post “route add to block IP’s.”
As I’ve said before, I’m not a Linux/Security guru. In fact, I work under the premise that one day, a determined hacker will wack my server. Which is why I put so emphasis on backups, restorations and contigency plans.
Still, it doesn’t hurt to lock the doors and windows before you go out for an evening of Perogies and Pickled Eggs.