Timothy Alberts (tal...@msiscales.com)

Oh no..they're out there.  They're watching us now.  They know we're 
talking about them.  :)

That sounds great for getting around a remote dynamic IP address, but
some more authentication/security on that web page is necessary,
otherwise, anyone who finds that web page is given access?

Just a virus you think?  They are some pretty lame account names: judy, 
frank, bob..However they are mixed with general linux accounts:  root, 
ftp, webmaster, mysql, named, etc.  I feel less worried about that (or 
should I)?

Or are you just trying to lull me into a false sense of security?  
Muawhahahaha..

I could do that, but if they already know about it, a simple port scan
and they'll probably find it again.  Plus I gotta go tell all my client 
programs the new port and I don't know how to do that on most of them
(what a hassle).

> 2. use only SSH protocol 2
got it.
> 3. Install some brute force protection which can automatically ban an
> IP on say 5 / 10 failed login attempts
The only software I know that could do this isn't supported anymore
(trisentry) or is too confusing and I don't know it yet (snort).  
Suggestions?

> 4. ONLY allow SSH access from your IP, if it's static. Or signup for a
> DynDNS account, and then only allow SSH access from your DynDNS domain
>
Yeah my home account is on dynamic IP.  I'd love to setup the firewall 
to only allow my home computer.  You're talking about these guys?  
http://www.dyndns.com/ never used them before, but it looks like a good
idea.  Especially since it's free (for 5 hosts) if I read correctly.

iptables..add the ip of the attack source to reject?  They keep moving 
IP, this is very time consuming (but I am doing it).  I don't allow root 
login.  I think I got a good password, and I got keys setup so I know 
I'm talking to my server.