This article explains how to protect exposed SSH ports in cloud‑native environments by deploying CanaryToken honeytokens, hardening SSH configurations, automating detection and response, and building a complete attack‑chain tracing system that reduces intrusion discovery from hours to minutes.
This guide walks you through seven practical SSH hardening techniques—from changing the default port and disabling password logins to deploying Fail2ban, IP whitelisting, connection limits, two‑factor authentication, and a honeypot—showing why each step matters and how to implement it securely.
This article explains four effective techniques to protect SSH from brute‑force attacks—including strong passwords, changing the default port, using non‑root privileged users, and key‑based authentication—followed by detailed examples of configuration changes, Fail2ban installation, jail setup, testing, and IP unbanning procedures.
This article explains how a Raspberry Pi exposed to the Internet was repeatedly attacked via SSH, how the author identified the brute‑force attempts in /var/log/auth.log, and step‑by‑step methods using hosts.allow/deny and ufw to whitelist trusted IPs and block malicious traffic.
This article provides a comprehensive, step‑by‑step tutorial for hardening a CentOS 7.7 server, covering complex password creation, password‑policy configuration, PAM strength settings, login‑attempt limits, disabling root SSH access, changing the SSH port, tightening security‑group rules, command‑history limits, log monitoring, and regular data backup procedures.
This guide walks you through essential CentOS 7.7 server hardening steps—including setting complex passwords, configuring password policies, enforcing password strength, limiting login attempts, disabling root SSH access, changing SSH ports, tightening firewall rules, managing command history, monitoring logs, and scheduling regular backups—to improve system security.
After a routine morning, the author discovers an Alibaba Cloud server frozen due to malicious outbound traffic, then traces a sophisticated malware chain involving a disguised gpg-agentd process, malicious cron jobs, compromised SSH keys, Redis exploitation, and mass scanning, culminating in detailed forensic analysis and security recommendations.
During the Chinese New Year a client’s Oracle‑Tomcat server was overwhelmed by massive UDP traffic, prompting a forensic investigation that uncovered a hidden Trojan, detailed command‑line analysis, iptables hardening, and the root cause of a weak SSH password left after a hardware upgrade.
