I believe I made it clear that UbuntuWeblogs shouldn’t be used to spread messages, which is the exact intention of this post.

Skirting around the obvious moral and philosophical issues, let’s merely discuss the technical ones. Blocking all of slicehost doesn’t actually fix the problem. The problem is you don’t want people breaking into your machine,. No one likes people attempting to do just that, but… you do run a public ftp server.

Here’s what you do:

Run a good firewall. If you use shorewall you can trivially add a rule that limits the number of connected attempts (by port / service) per time period. I limit people to 3 connection attempts and then block them for 15 minutes. Imagine trying to brute force that, it’d take forever! People will just move on to the next machine. You can even specify a port that you can connect to to reset the timed block if you accidentally lock yourself out.

Try to remember that security through obscurity is not security at all. Blocking people and using a good firewall help, but they don’t solve the problem. You need to feel confident that if someone gets in to your machine it’s not going to be that big of a deal:

- Ensure root cannot ssh in
- Make sure all accounts except the bare minimum have shell rights
- Make sure all accounts except the bare minimum have sudo access
- Use STRONG passwords on all shell and sudo enabled accounts
- Run nightly rootkit and system integrity scanners (ie, rkhunter, aide, etc)

There’s tons more you can do too. Basically, complaining about the problem to all of us, and the slicehost admins, doesn’t fix the problem. Do what you can so that when you see people trying to break in (which IS going to happen no matter what), you don’t feel you need to worry about it!