Tuesday, March 1, 2016

How to Fail When Exposing a Linux Server to the Internet

Recently I restarted an old dream of having a home server out of an old computer.  Years ago I took my old desktop and decided that it was a prime candidate.  64bit AMD processor 8GB's of RAM and a 1TB Hard drive seemed like the perfect fit.  I had another 20GB hard drive laying around that I used as a host for the OS.  Flash forward 5 years and when I'm actually in the IT field, and I decided to make the main HDD a TB as well.  So I reinstalled Ubuntu 14.04 LTS, and started to play around.

One of the first things I couldn't wait to do was have the ability to SSH into my machine.  I got this setup in a day and was so excited.  So what is a person to do with this capability?  Setup a DDNS and remote in via SSH.  This seemed like the coolest thing in the world.  The ability to sign in to my home server from anywhere!!!  But wait, if I can sign in from anywhere, so could anyone else.

A friend of mine is a Project Manager for an IT company where I live.  In particular, he manages projects in the security side of his company.  So at lunch a couple days ago I was talking about my home server and how happy I was with being able to SSH into it from anywhere.  The first thing out of his mouth was, "I hope you're not using default ports."  My stomach dropped as I never changed anything that was default when setting anything up.  As soon as I got home I grepped the auth.log file in the ssh folder for *failed and the results were daunting.  At a minimum, I was getting hit every 4 seconds. Anywhere from Australia to Amsterdam, hackers were trying to hit my open ports.

So lesson learned that I want to share with anyone is if you want to create a home server that you expose to the internet, use a VPN, or if you stick with SSH, at a minimum change the default port.

-kwiknick

No comments:

Post a Comment