Just to mention it...
Since my machine is shared, also serving a public IP, I also do some rate limiting on the most "hacked" TCP ports:
PORT_RATE_LIMIT="ssh smtp smtps pop3 pop3s"
# rate limiting against brute force & DDOS
#
echo -n "Adding IPv4 input connection rate limiting: "
for port in $PORT_RATE_LIMIT ; do
    iptables -A INPUT -p tcp --dport $port -m state --state NEW -m recent --set
    iptables -A INPUT -p tcp --dport $port -m recent --update --seconds 60 --hitcount 8 -j DROP
    echo -n "$port "
done
echo ""
Marius, YO2LOJ
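
An added example, not part of the original post: an offline model of the two rules above that replays a list of connection attempts and reports which ones the 60-second / 8-hit limit would drop, useful for checking the thresholds against your own logs before deploying. The function names, input format and sample addresses are assumptions made for this example; it models only NEW connection attempts at one-second resolution.

```shell
#!/bin/sh
# Model of: -m recent --set (on NEW) followed by
#           -m recent --update --seconds 60 --hitcount 8 -j DROP
# Neither rule passes --name, so every listed port shares the default
# recent list: attempts are counted per source IP across all the ports.
# Input: "<epoch-seconds> <source-ip>" per new connection attempt,
# in time order for each source. Output: "<epoch> <ip> ACCEPT|DROP".

simulate_recent() {
    # $1 = window in seconds, $2 = hit count; events are read from stdin
    awk -v win="$1" -v hits="$2" '
    {
        t = $1; ip = $2
        # --set: always record a timestamp for this source
        n[ip]++; stamp[ip, n[ip]] = t
        # --update: count timestamps no older than the window
        c = 0
        for (i = n[ip]; i >= 1; i--) {
            if (t - stamp[ip, i] > win) break
            c++
        }
        if (c >= hits) {
            # the rule matched: the packet is dropped and --update records
            # one more timestamp, so retries keep the block alive
            n[ip]++; stamp[ip, n[ip]] = t
            print t, ip, "DROP"
        } else {
            print t, ip, "ACCEPT"
        }
    }'
}

# Constructed sample traffic (documentation addresses, not real data)
sample_events() {
    i=0
    while [ "$i" -lt 10 ]; do
        echo "$((1000 + i * 2)) 203.0.113.5"    # burst: one attempt every 2 s
        echo "$((1000 + i * 20)) 198.51.100.7"  # client: one connection every 20 s
        i=$((i + 1))
    done
    echo "1070 203.0.113.5"   # burst source returns 52 s after its last attempt
}

sample_events | simulate_recent 60 8
```

In the sample, the burst source is dropped from its eighth attempt onward and is still dropped when it returns at 1070, because the dropped attempts themselves added timestamps; the 20-second client is never dropped.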