July 18, 2015
Hey guys, I'm having an issue where my server is being attacked by IPs from places like Korea, Uganda, etc. trying to access things like FTP and TELNET. Just wondering if there's an implementation of blacklisting IP addresses from attempting to connect. I'm using proftpd and have an FTP blocklist set up in the conf, but now they're trying to access telnet and other ports on the server. I do need remote access to the server, so closing the ports in the router won't fix my issue. Thanks all.

July 18, 2015
You will need to secure it at your router level, the device which gives you internet access, since there is nothing provided for unRAID. You should immediately close all ports to unRAID and use something like a VPN connection to remotely administer the system. It is also an extremely horribly bad decision to ever make an unRAID system available on the internet since it was never designed with security in mind. Hopefully LimeTech will place high priority on designing unRAID with security in mind soon.

July 18, 2015
> Hey guys, I'm having an issue where my server is being attacked by IPs from places like Korea, Uganda, etc. trying to access things like FTP and TELNET. Just wondering if there's an implementation of blacklisting IP addresses from attempting to connect. I'm using proftpd and have an FTP blocklist set up in the conf, but now they're trying to access telnet and other ports on the server. I do need remote access to the server, so closing the ports in the router won't fix my issue. Thanks all.

Depending on your router, it may be possible to load a geo-based blocklist to block all IPs from Russia, China, etc. I don't have a cheapo home router so I can't speak to those, but it's fairly easy if you're using something nice or something software-based like pfSense. When you say "I do need remote access to the server"... what do you mean? For which services? It's fairly straightforward to set up either VPN or reverse proxy access to your services, which will go a long, long ways towards securing things.

July 18, 2015 (Author)
I need direct access to FTP and SSH/telnet. My router is a top shelf Belkin, and I cannot load a blocklist into it.

July 18, 2015
> I need direct access to FTP and SSH/telnet. My router is a top shelf Belkin, and I cannot load a blocklist into it.

Setting up a VPN into your network but blocking the unRAID box from incoming internet connections is the only secure way. To do anything else is playing with fire. Ultimately the call is yours, but don't be surprised when the system is compromised and your data is wiped out and stolen.

July 18, 2015 (Author)
I use secure passwords for such things where they are on the internet. I'm not worried about them gaining access, there are only 2 system ports opened. I just find it annoying and would rather see "blocked ip xxx.xx.xx.x attempted login" as opposed to "root login failed for ip xxx.xx.xx.x".

July 18, 2015 (Community Expert)
> Just found etc/hosts.deny, thanks all.

Are you aware that any changes you make in /etc will not survive a reboot?

July 18, 2015
> I use secure passwords for such things where they are on the internet. I'm not worried about them gaining access, there are only 2 system ports opened. I just find it annoying and would rather see "blocked ip xxx.xx.xx.x attempted login" as opposed to "root login failed for ip xxx.xx.xx.x".

You should worry; if a password and a 200 buck low end router were secure, no one would ever get breached. Use a VPN or accept 100% responsibility for the risk you are taking.

July 19, 2015 (Author)
>> Just found etc/hosts.deny, thanks all.
>
> Are you aware that any changes you make in /etc will not survive a reboot?

Yes, I forgot about that. How would you recommend I go about surviving a reboot?

July 19, 2015 (Author)
>> I use secure passwords for such things where they are on the internet. I'm not worried about them gaining access, there are only 2 system ports opened. I just find it annoying and would rather see "blocked ip xxx.xx.xx.x attempted login" as opposed to "root login failed for ip xxx.xx.xx.x".
>
> You should worry; if a password and a 200 buck low end router were secure, no one would ever get breached. Use a VPN or accept 100% responsibility for the risk you are taking.

Almost nobody buys a 200 dollar router when their provider gives them one for free (99% of people have no concept of free = shit), and I do accept full responsibility. Even if I did get breached I would have come here crying.

July 19, 2015 (Community Expert)
>>> Just found etc/hosts.deny, thanks all.
>>
>> Are you aware that any changes you make in /etc will not survive a reboot?
>
> Yes, I forgot about that. How would you recommend I go about surviving a reboot?

The usual method is to put something in the go script to make the changes on each boot.

July 19, 2015
If you must do this, then use an FTP server in a container, patch it often, install fail2ban and rate limit using iptables. I would recommend ssfs or scp with certs over FTP every day of the week.

July 20, 2015 (Author)
I've gone this route:
- disabled stock SSH/TELNET service
- installed ssh plugin from overbyrn
- installed DenyHosts from overbyrn
- installed proftpd plugin
- jailed root on all services
- set up user logins based on unRAID users
- set up parameters in DenyHosts to instaban root/UNKNOWN/no user use

Already got 4 IPs instabanned, seems like bots. Sounds pretty secure to me, but I'll take your guys' advice, and yes, I understand that having ports closed to the world is the ultimate security, but that's not what I want.

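Editor's added example, not part of the thread and not DenyHosts' own code: a minimal Python sketch of the policy described in the last post (instant ban for root or unknown-user attempts, a threshold for valid users) that turns SSH log lines into hosts.deny entries. The log lines are constructed samples in OpenSSH's usual format, the function names and the threshold of 3 are assumptions, and hosts.deny only takes effect for services built with TCP wrappers support.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's auth-log format (documentation IP ranges).
SAMPLE_LOG = """\
Jul 20 03:11:02 tower sshd[4121]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jul 20 03:11:09 tower sshd[4125]: Invalid user admin from 198.51.100.23
Jul 20 03:11:11 tower sshd[4125]: Failed password for invalid user admin from 198.51.100.23 port 40210 ssh2
Jul 20 08:40:15 tower sshd[5030]: Failed password for alice from 192.0.2.50 port 50111 ssh2
Jul 20 08:40:31 tower sshd[5030]: Accepted password for alice from 192.0.2.50 port 50111 ssh2
Jul 20 09:02:44 tower sshd[5101]: Failed password for bob from 192.0.2.99 port 33990 ssh2
Jul 20 09:02:50 tower sshd[5101]: Failed password for bob from 192.0.2.99 port 33990 ssh2
Jul 20 09:02:57 tower sshd[5101]: Failed password for bob from 192.0.2.99 port 33990 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port")

def hosts_to_deny(log_text, valid_threshold=3, instaban_users=("root",)):
    """Return sorted IPs to block: instant for root/unknown users, threshold for valid users."""
    banned, failures = set(), Counter()
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            failures.pop(m.group(1), None)  # a successful login resets the count
            continue
        m = FAILED.search(line)
        if not m:
            continue
        invalid, user, ip = m.groups()
        if invalid or user in instaban_users:
            banned.add(ip)  # root or a non-existent account: ban on first attempt
        else:
            failures[ip] += 1
            if failures[ip] >= valid_threshold:
                banned.add(ip)  # a real user gets a few typos before the ban
    return sorted(banned)

def render_hosts_deny(ips, service="sshd"):
    """Format entries in hosts.deny syntax: 'daemon: client'."""
    return "".join(f"{service}: {ip}\n" for ip in ips)

if __name__ == "__main__":
    print(render_hosts_deny(hosts_to_deny(SAMPLE_LOG)), end="")
```

As noted earlier in the thread, anything written under /etc is lost at reboot, so the generated entries have to be kept somewhere persistent and re-applied from the go script.
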
This topic is now archived and is closed to further replies.