I realize it’s been a while again since I last updated my blog, but I have another good excuse. (don’t I always) I spent last weekend updating dns naming schemes to accomodate adding an additional server to my Web Hosting Service. I also setup 3 backup mail servers to handle email for my customers in a store-and-forward fashion should their mailserver be unreachable. I modified the service availability script I previously mentioned even further to act as external monitoring on 4 seperate servers to alert myself and technicians of any issues with either webserver or any of the 3 backup mail servers. The script will not only notify pagers and cellphones but will update a web page with the current status. I even had time after that to rearrange my living room, clean half of the apartment, and help my mom get a new house!

And just to keep you from being too bored, I thought it would be interesting to share some numbers from my firewalls… We’ll start off with the number 2,615. That’s the number of packets the firewalls on 3 of the servers I directly control blocked on Monday. In total, there were 614 unique “attackers” with the most popular port being 1026 with 826 packets from 297 sources. Thanks to DShield for processing my firewall logs and providing those numbers.

Seperately, so far today among my 3 servers I have blocked 5 IPs for 78 illegal SSH login attempts… If you run SSH, you should keep it patched and up to date and make sure your accounts that have SSH access are using strong passwords. The best solution is of course to prevent connections to SSH except from known/trusted IPs. This isn’t always a possibility if you need to have access from anywhere or don’t know where you may need to connect from, but another solution would be to limit the number of allowed sources to minimize the possibility of compromise.

Happy hunting, I’m off to take a quick break before work tomorrow… this usually involves a few hours of sleep.