BFD (how many for you?)

[sumacbob]

Just curious, not a complaint as such

I`ve been a with few vps providers before, but I took advantage of the recent JPC special to test their services before moving sites onto the server.

Anyways, I`ve always had BFD installed on my vps`s, who doesn`t?

With my other VPS`s I rarely had problems with brute force detections, indeed in the two years prior to to my JPC VPS I can count on one hand the amount of times BFD had banned an IP.

Maybe I was just lucky, but why is in the weeks I`ve had my VPS here at JPC, I get brute force ban emails every single day, usually many times a day. Heck I haven`t even put any sites on this server yet.

Yet, with my other providers some used for many months I rarely ever had a BFD attack and ban.

The IP#`s provided by JPC, are well used before being handed out?

[JPC-Masood]

You were either lucky or something not setup right before. These attacks are automatic scans from hijacked PCs/servers or bots, so pretty normal to see attacks daily.

[thisisit3]

If you use the default BFD rules that come with it then you won't see many attacks because the default rules are just cr*p, outdated and pretty much useless.

If you use my rules (posted below in my signature) then you'll see very frequent attacks since my rules are fully updated most current attacks.

[rafaelsorto]

I've never used BFD just iptables with everything blocked except the services ports like web, ftp, etc, and i always move ssh to another port.

2 years no problems , scanning with rkhunter every weekend

[thisisit3]

BFD has nothing to do with ports, thats something handled by "portsentry".

BFD checks logs for various attacks: exim logs, apache logs, email logs, etc. If you are not using BFD then i suggest you give it a try, it detects all kinds of attacks on your running services.

[rafaelsorto]

Sorry i was not specific enough , i wasn't saying BFD is for ports , i was just telling that firewall using iptables seems enough for me

[thisisit3]

Again, iptables (firewalls etc) has nothing to do with BFD.

iptables allows access to your web server right? then anyone can run a scan to check what kind of software you are running on your web server, they can do user attacks, script attacks, buffer overflow attacks, exploit attacks so on and so forth.

BFD checks your logs for these kind of attacks and bans IP addresses based on a set of rules.

iptables is not enough, iptables only controls access to ports and nothing more.

[rafaelsorto]

thisisit3 if im talking about BFD its because i know what it is.

sumacbob was asking who does not have BFD , i was answering that i do not use BFD i only protect my servers using iptables as firewall. And scanning the server for rootkits, patching my software, etc.

The attacks that i think are worth the effort protecting against are syn floods and apache/"put the name of your webserver here" bandwidth consumption, tcp overflow, excuse me if im wrong but i think theres nothing BFD can do against this.

IMHO if it is a good atack BDF will have nothing to do.

Regards,
Rafael