rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Is My Pi Safe?

Fri Apr 03, 2015 10:57 pm

I ran ssh with a new password and someone guessed the password and got root access to my pi and the apache server that was running on my pi. I installed Fail2Ban and I port forwarded my pi with a new, much longer password (22 characters) and limited ssh password retries to 6 times, and I would like to know: can someone still get root access on my pi? How do I set Fail2Ban to permanently block an IP once the 6 tries are used up? I only see a number of how many seconds the IP is banned, and then the pi is allowed another 6 tries.
Last edited by rpiswag on Fri Apr 03, 2015 11:23 pm, edited 1 time in total.
A computer's power can't just be measured in gigahertz. It is the same thing with us humans.

ame
Posts: 3172
Joined: Sat Aug 18, 2012 1:21 am
Location: New Zealand

Re: Is My Pi Safe?

Fri Apr 03, 2015 11:09 pm

No, it's not safe. Reformat and reinstall. You don't know what the intruder did to your system in the time he was connected.

Forgotten01
Posts: 162
Joined: Sun Dec 01, 2013 6:06 pm

Re: Is My Pi Safe?

Fri Apr 03, 2015 11:17 pm

Don't forget to change the password.
Engineers like to solve problems. If there are no problems handily available, they will create their own problems.
Scott Adams

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Is My Pi Safe?

Fri Apr 03, 2015 11:21 pm

I reformatted the sd card several times. Now about the question I asked before: how do I set Fail2Ban to permanently block an IP once the 6 tries are used up? I only see a number of how many seconds the IP is banned, and then the pi is allowed another 6 tries.

jojopi
Posts: 3144
Joined: Tue Oct 11, 2011 8:38 pm

Re: Is My Pi Safe?

Fri Apr 03, 2015 11:49 pm

What makes you think that someone guessed your password? Given that you can never use that password again, would you disclose it here so we can opine on whether it was secure?

Blocking access after a certain number of failed attempts à la Fial4Fun is neither necessary nor sufficient to keep people out of your Pi. If you open SSH to the world, and support password authentication at all, you need passwords that will withstand billions of guesses and you need to keep all passwords secret.

There is no such thing as a password that can be realistically guessed but cannot be guessed in six attempts times the number of IP addresses the attacker might be able to use.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 12:10 am

The password was [email protected]$$word12. My new password is 23 characters long. I made the old password and had no password retry limit. I still need to figure out how to permanently block ip addresses instead of putting a ban time limit like 600 seconds or 10 minutes. I know this isn't necessary but I want to do it anyway.

topguy
Posts: 6287
Joined: Tue Oct 09, 2012 11:46 am
Location: Trondheim, Norway

Re: Is My Pi Safe?

Sat Apr 04, 2015 12:37 am

My googling for "fail2ban ban forever" suggests setting "bantime=-1".
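To make concrete what the bantime setting changes, here is an added example (my code, not fail2ban's and not from this thread) that replays a constructed stream of SSH failures through fail2ban's counting rules: maxretry failures from one address inside findtime seconds trigger a ban of bantime seconds, and a negative bantime (fail2ban's -1) never expires. The log lines, hostname, PIDs and addresses are made up, and the regular expression is a simplified version of what fail2ban's sshd filter matches, not the filter itself.

```python
import math
import re
from collections import defaultdict
from datetime import datetime

# Constructed attempt stream in the format OpenSSH writes to /var/log/auth.log
# (what sshd would log with no ban in place). Hostname, PIDs, times and
# addresses are made up; the addresses come from the documentation ranges.
SAMPLE_AUTH_LOG = """\
Apr  4 12:00:01 raspberrypi sshd[2101]: Failed password for root from 203.0.113.7 port 51201 ssh2
Apr  4 12:00:02 raspberrypi sshd[2102]: Failed password for root from 203.0.113.7 port 51202 ssh2
Apr  4 12:00:03 raspberrypi sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51203 ssh2
Apr  4 12:00:04 raspberrypi sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51204 ssh2
Apr  4 12:00:05 raspberrypi sshd[2105]: Failed password for pi from 203.0.113.7 port 51205 ssh2
Apr  4 12:00:06 raspberrypi sshd[2106]: Failed password for pi from 203.0.113.7 port 51206 ssh2
Apr  4 12:01:00 raspberrypi sshd[2110]: Failed password for root from 198.51.100.23 port 40001 ssh2
Apr  4 12:01:01 raspberrypi sshd[2111]: Failed password for root from 198.51.100.23 port 40002 ssh2
Apr  4 12:01:02 raspberrypi sshd[2112]: Failed password for root from 198.51.100.23 port 40003 ssh2
Apr  4 12:02:00 raspberrypi sshd[2120]: Accepted publickey for pi from 192.0.2.10 port 40100 ssh2
Apr  4 12:05:00 raspberrypi sshd[2130]: Failed password for root from 203.0.113.7 port 51300 ssh2
Apr  4 12:05:01 raspberrypi sshd[2131]: Failed password for root from 203.0.113.7 port 51301 ssh2
Apr  4 12:05:02 raspberrypi sshd[2132]: Failed password for root from 203.0.113.7 port 51302 ssh2
Apr  4 12:05:03 raspberrypi sshd[2133]: Failed password for root from 203.0.113.7 port 51303 ssh2
Apr  4 12:05:04 raspberrypi sshd[2134]: Failed password for root from 203.0.113.7 port 51304 ssh2
Apr  4 12:05:05 raspberrypi sshd[2135]: Failed password for root from 203.0.113.7 port 51305 ssh2
Apr  4 12:15:00 raspberrypi sshd[2140]: Failed password for root from 203.0.113.7 port 51400 ssh2
Apr  4 12:15:01 raspberrypi sshd[2141]: Failed password for root from 203.0.113.7 port 51401 ssh2
Apr  4 12:15:02 raspberrypi sshd[2142]: Failed password for root from 203.0.113.7 port 51402 ssh2
Apr  4 12:15:03 raspberrypi sshd[2143]: Failed password for root from 203.0.113.7 port 51403 ssh2
Apr  4 12:15:04 raspberrypi sshd[2144]: Failed password for root from 203.0.113.7 port 51404 ssh2
Apr  4 12:15:05 raspberrypi sshd[2145]: Failed password for root from 203.0.113.7 port 51405 ssh2
"""

# Simplified stand-in for fail2ban's sshd filter: one failed-password line.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_failures(log_text, year=2015):
    """Return [(seconds_since_jan_1, ip), ...] for every failed-password line.
    syslog timestamps carry no year, so one is assumed (2015, the thread's date)."""
    epoch = datetime(year, 1, 1)
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue                          # successful logins and other noise are ignored
        stamp = " ".join(m["ts"].split())     # collapse "Apr  4" to "Apr 4"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append(((ts - epoch).total_seconds(), m["ip"]))
    return events


def simulate_bans(events, maxretry=6, findtime=600, bantime=600):
    """Replay attempts in time order with fail2ban's counting rules.

    maxretry failures from one IP within findtime seconds => ban for bantime
    seconds; bantime < 0 (fail2ban's -1) => the ban never expires.
    Returns (bans, seen): bans maps ip -> [time of each ban], seen maps
    ip -> number of attempts that actually reached sshd (dropped ones do not)."""
    recent = defaultdict(list)   # ip -> failure times still inside the findtime window
    banned_until = {}            # ip -> expiry time (math.inf for a permanent ban)
    bans = defaultdict(list)
    seen = defaultdict(int)
    for t, ip in sorted(events):
        if t < banned_until.get(ip, -math.inf):
            continue             # iptables DROP: sshd never sees this attempt
        seen[ip] += 1
        window = [x for x in recent[ip] if t - x <= findtime] + [t]
        recent[ip] = window
        if len(window) >= maxretry:
            banned_until[ip] = math.inf if bantime < 0 else t + bantime
            bans[ip].append(t)
            recent[ip] = []      # counting starts over once the ban expires
    return dict(bans), dict(seen)


if __name__ == "__main__":
    events = parse_failures(SAMPLE_AUTH_LOG)
    for bantime in (600, -1):
        bans, seen = simulate_bans(events, bantime=bantime)
        print(f"bantime={bantime:>4}: bans per IP", {ip: len(b) for ip, b in bans.items()},
              "attempts reaching sshd", seen)
```

In fail2ban itself these are the three knobs under the jail's section in /etc/fail2ban/jail.local (maxretry = 6, findtime = 600, bantime = -1); the jail is called [ssh] in the 0.8 series Debian shipped at the time and [sshd] in current releases. With a finite bantime the same address gets a fresh maxretry after every expiry, which is what the replay shows: 12 attempts reach sshd and the address is banned twice, against 6 attempts and one ban with bantime = -1. One caveat: on 0.8.x a restart of fail2ban flushes its iptables chains, so a "permanent" ban only outlives a reboot with the persistent database that 0.9 introduced or with a separate blocklist.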

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 1:37 am

I used the google and a website told me that setting ban time to -1 like topguy said will ban the ip addresses forever.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 1:52 am

Now that I have made a strong password that is over 23 characters and have fail2ban running with my apache server running is my pi safe?

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 6195
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Is My Pi Safe?

Sat Apr 04, 2015 5:10 am

Depends on what apache is running.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 25430
Joined: Sat Jul 30, 2011 7:41 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 9:35 am

rpiswag wrote: The password was [email protected]$$word12. My new password is 23 characters long. I made the old password and had no password retry limit. I still need to figure out how to permanently block ip addresses instead of putting a ban time limit like 600 seconds or 10 minutes. I know this isn't necessary but I want to do it anyway.
That is not a secure password. Despite the rather obvious obfuscation, there are only a few combinations a cracker needs to try before guessing it.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
“I own the world’s worst thesaurus. Not only is it awful, it’s awful."
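jojopi's budget argument (six attempts times the number of addresses the attacker controls) and jamesh's observation that an obfuscated dictionary word leaves only a few combinations can be put into numbers. The following is an added example, not code from the thread: a tiny rule engine of the kind password crackers use (leet substitutions, a capital first letter, a digit suffix) counts how many guesses a mangled word costs and compares that with the attacker's budget and with the keyspace of a random 23-character password. The word "monkey", the target "M0nk3y42" and the 10,000-address bot count are constructed for illustration and are not the poster's password.

```python
import itertools
import math

# Substitutions a wordlist rule engine (hashcat/john "leet" style rules) applies.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def mangle(word, max_suffix=99):
    """Yield every variant of one dictionary word that a simple rule set tries:
    each subset of leet substitutions, with and without a capital first letter,
    with no suffix or a digit suffix 0..max_suffix. The order is the guess order."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    suffixes = [""] + [str(n) for n in range(max_suffix + 1)]
    for r in range(len(positions) + 1):
        for subset in itertools.combinations(positions, r):
            chars = list(word)
            for i in subset:
                chars[i] = LEET[chars[i]]
            base = "".join(chars)
            for cand in (base, base[0].upper() + base[1:]):
                for suffix in suffixes:
                    yield cand + suffix


def candidate_count(word, max_suffix=99):
    """Distinct guesses the rule set produces for one word."""
    return len(set(mangle(word, max_suffix)))


def guesses_until(word, target, max_suffix=99):
    """How many guesses the attack spends before hitting target (None if never)."""
    for n, cand in enumerate(mangle(word, max_suffix), 1):
        if cand == target:
            return n
    return None


def attacker_budget(maxretry, ip_count):
    """Guesses available to an attacker who gets maxretry tries from each of
    ip_count addresses before fail2ban's limit bites (jojopi's argument)."""
    return maxretry * ip_count


def random_keyspace(length, alphabet_size=95):
    """Candidates for a uniformly random password over printable ASCII."""
    return alphabet_size ** length


if __name__ == "__main__":
    # Constructed illustration: one word, one "obfuscated" target, a 10,000-bot budget.
    print("variants of 'monkey':", candidate_count("monkey"))
    print("guesses until 'M0nk3y42':", guesses_until("monkey", "M0nk3y42"))
    print("budget, 6 tries x 10,000 IPs:", attacker_budget(6, 10_000))
    print("random 23-char keyspace, log10:", round(math.log10(random_keyspace(23)), 1))
```

Every dressing of one word, leet and digits included, fits in a few thousand guesses, so ten thousand addresses with six tries each walk through a fifty-word list before the retry limit matters; the random 23-character password is out of reach of that budget by some thirty orders of magnitude. That is the point above: the retry limit is neither necessary nor sufficient, the password is what decides.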

Jednorozec
Posts: 809
Joined: Sun Nov 24, 2013 2:17 pm
Location: Deposit, NY

Re: Is My Pi Safe?

Sat Apr 04, 2015 10:07 am

Your computers would be a lot more secure if you disconnected all of them from the internet and then turned the power off.
The most important leg of a three legged stool is the one that's missing.
It's called thinking. Why don't you try it sometime?

morphy_richards
Posts: 1603
Joined: Mon Mar 05, 2012 3:26 pm
Location: Epping Forest

Re: Is My Pi Safe?

Sat Apr 04, 2015 10:14 am

Well done for figuring out that you need port forwarding and for researching methods for security. I'm curious about what you intend to host on this web server of yours. :?:

Heater
Posts: 14720
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 11:20 am

rpiswag,
...is my pi safe?
The problem is nobody can ever honestly say "Yes, your Pi is safe".

All software has bugs, and bugs can be security holes. Nobody can be certain that your ssh or Apache or anything Apache is running is bug free. So nobody can say it is safe.

You may have heard of recent panics over bugs being exploited. Google "heartbleed". Caused by bugs that were years old.

The best assumption is that "no your Pi is not safe". There will always be people looking for ways to eat your Pi :)

Like keeping your home safe, the best you can do is take reasonable precautions and be vigilant at all times. Keep your software up to date. Don't put any info you don't want people to have anywhere where they can see it.

You might like to have some fun with security scanning your machine. Install a vulnerability testing program on another machine and have it scan your Pi. For example http://www.openvas.org/. I guess there are other such tools.

Heck, even a port scan with nmap from another machine would be a quick check of what ports you may accidentally have open on the Pi.
Memory in C++ is a leaky abstraction .

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 12:55 pm

When I say is my pi safe I mean from the point of view of an ssh attacker who is trying all possible combinations. Fail2Ban has been running successfully and I whitelisted my computer. I have had 11 IP addresses banned in less than an hour. When I ran ssh on my pi before port forwarding I got over 50,000 brute force attempts a day, but with Fail2Ban running I get fewer than 100 attempts a day. When I ran the command sudo iptables -L I noticed that many of the IP addresses start with 218. Here is a list of banned IP addresses.


[email protected] ~ $ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-dropbear  tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-dropbear (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
DROP       all  --  23.30.65.218.broad.xy.jx.dynamic.163data.com.cn  anywhere            
DROP       all  --  s217.silver.servdiscount-customer.com  anywhere            
DROP       all  --  182.100.67.113       anywhere            
DROP       all  --  182.215.0.181        anywhere            
DROP       all  --  182.100.67.102       anywhere            
DROP       all  --  182.100.67.114       anywhere            
DROP       all  --  60.190.71.52         anywhere            
DROP       all  --  182.100.67.112       anywhere            
DROP       all  --  pool-72-84-227-118.rcmdva.fios.verizon.net  anywhere            
DROP       all  --  218.87.111.110       anywhere            
DROP       all  --  ool-6039ae8a.static.optonline.net  anywhere            
DROP       all  --  ec2-52-4-232-145.compute-1.amazonaws.com  anywhere            
RETURN     all  --  anywhere             anywhere            

ktb
Posts: 1447
Joined: Fri Dec 26, 2014 7:53 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 1:03 pm

These are very unlikely to be active attackers and the activity you are seeing is most likely caused by automated scripts/bots picking low-hanging fruit.

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 6195
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Is My Pi Safe?

Sat Apr 04, 2015 1:13 pm

Yeah, computer security is a lot like any other kind of security. You can make it difficult enough to break into your house that most would-be robbers won't bother. But if someone is determined and knowledgeable enough, then they could still find a way in. Exposing your computer to the internet results in 100s of people checking for unlocked windows or if you've left a key under the door mat. Your previous setup is about as secure as leaving the windows wide open.

Heater
Posts: 14720
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 1:42 pm

My impression is that if you have nice long and "rare" password you don't need any fail2ban. It's going to take forever for anyone to hit the right username and password.

I suspect it helps to have a user name like "cfafe569d1eeaa84740eac4d8d5509ab" just to make it extra difficult.

Where things like fail2ban help is that if they reject an IP address that saves a lot of processing load in verifying user names and passwords.

If all this does not sound secure enough you should not be using user names and passwords. Use ssh keys instead.


Still, there is always that chance that someone might randomly guess your password first time....:)

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 1:42 pm

Is my new setup secure? Is my new setup going to stop most attacks that try to gain root access through ssh? The chances of someone guessing my new password are literally one in a billion. With only six chances to get it right per IP address I doubt the attacker (bot) would guess the password right.

KeithSloan
Posts: 321
Joined: Tue Dec 27, 2011 9:09 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 1:50 pm

I thought the idea of using ssh with access from the internet was that you used keygen rather than passwords. I.e. you set the thing up with passwords, then use keygen, which you copy to the machine you are going to use to log in. Once it's working with the exchange of keys, you disable the password login so that you can only log in via the exchange of keys. The use of keys involves encryption, so it is safer than passwords.

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 6195
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Is My Pi Safe?

Sat Apr 04, 2015 1:55 pm

Disable passwordless sudo, disable password and root login over ssh, use only keys, change the default port. That's 99.9% of the bots dealt with.
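ShiftPlusOne's list translates into a handful of sshd_config directives plus one sudoers check. The following added example (my code, not from the thread and not part of OpenSSH) audits a constructed sshd_config the way sshd reads it (the first active occurrence of a keyword wins, and everything before the first Match line is global), reports which directives are not at the hardened value, rewrites the file with a hardening block at the top, and lists the active NOPASSWD lines of a sudoers fragment. The sample config and the sudoers line are constructed (the latter mirrors what Raspbian installs for the pi user). ChallengeResponseAuthentication is my addition beyond the post: with UsePAM yes it is a second route to password logins, so it has to be off as well.

```python
import re

# Directives from ShiftPlusOne's list with the values that implement them.
# ChallengeResponseAuthentication (newer OpenSSH calls it KbdInteractiveAuthentication)
# is an assumed addition: with UsePAM yes it still lets a password through.
WANTED = [
    ("PermitRootLogin", "no"),
    ("PasswordAuthentication", "no"),
    ("ChallengeResponseAuthentication", "no"),
    ("PubkeyAuthentication", "yes"),
]
WANTED_LC = {k.lower(): v for k, v in WANTED}   # sshd keywords are case-insensitive

# One sshd_config line: optional leading '#', keyword, space or '=', value.
DIRECTIVE_RE = re.compile(r"^\s*(#\s*)?([A-Za-z0-9]+)\s*[= ]\s*(\S.*?)\s*$")

# Constructed sample resembling the Debian/Raspbian default of the period.
SAMPLE_SSHD_CONFIG = """\
# Package generated configuration file (constructed example)
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin yes
#PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""

# Constructed copy of the drop-in Raspbian ships as /etc/sudoers.d/010_pi-nopasswd.
SAMPLE_SUDOERS = """\
# passwordless sudo for the default user
pi ALL=(ALL) NOPASSWD: ALL
"""


def _global_end(lines):
    """Index of the first active 'Match' line; sshd applies everything before it globally."""
    for i, line in enumerate(lines):
        m = DIRECTIVE_RE.match(line)
        if m and not m.group(1) and m.group(2).lower() == "match":
            return i
    return len(lines)


def effective_settings(text):
    """Map each wanted directive to the value sshd would use. None means the
    directive is unset and the compiled-in default applies, which for root
    login and password authentication is the permissive one."""
    lines = text.splitlines()
    found = {}
    for line in lines[:_global_end(lines)]:
        m = DIRECTIVE_RE.match(line)
        if not m or m.group(1):               # blank or commented-out line
            continue
        key = m.group(2).lower()
        if key in WANTED_LC and key not in found:   # first occurrence wins
            found[key] = m.group(3).lower()
    return {k: found.get(k) for k in WANTED_LC}


def findings(text):
    """Directives whose effective value differs from the hardened one."""
    return {k: v for k, v in effective_settings(text).items() if v != WANTED_LC[k]}


def harden(text):
    """Comment out every global occurrence of a managed directive and put the
    hardening block at the top, ahead of any Match section, so it wins.
    Match blocks are left alone: a LAN-only PasswordAuthentication yes stays."""
    lines = text.splitlines()
    end = _global_end(lines)
    out = []
    for i, line in enumerate(lines):
        m = DIRECTIVE_RE.match(line)
        if i < end and m and not m.group(1) and m.group(2).lower() in WANTED_LC:
            out.append("# superseded by hardening block: " + line)
        else:
            out.append(line)
    block = ["# hardening block: keys only, no root, no password fallback"]
    block += [f"{k} {v}" for k, v in WANTED]
    return "\n".join(block + out) + "\n"


def nopasswd_sudo_lines(sudoers_text):
    """Active (uncommented) sudoers lines that grant passwordless sudo."""
    return [l.strip() for l in sudoers_text.splitlines()
            if l.strip() and not l.lstrip().startswith("#") and "NOPASSWD" in l]


if __name__ == "__main__":
    print("findings before:", findings(SAMPLE_SSHD_CONFIG))
    print("findings after: ", findings(harden(SAMPLE_SSHD_CONFIG)))
    print("passwordless sudo:", nopasswd_sudo_lines(SAMPLE_SUDOERS))
```

Before disabling passwords, copy a public key over with ssh-copy-id and confirm a key login works from a second terminal while the first session stays open; then run sshd -t to syntax-check the file before restarting the daemon, because a broken sshd_config locks you out of a headless Pi. The Match block for the LAN is deliberately untouched, which is how you keep passwords for the local network only. Changing the port cuts the noise in the log but is not access control, and does not change anything in this check.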

Heater
Posts: 14720
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 2:24 pm

rpiswag,
Is my new setup going to stop most attacks through gaining root access through ssh?
First thing is that you should never allow login via ssh as user "root".

"root" is the first most obvious user name to try. And if you happen to have a guessable password, boom, you are pwned.

Second, I guess, is that any user that can get in via ssh should not have use of sudo.

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 2:49 pm

Heater, then what should I change?

Heater
Posts: 14720
Joined: Tue Jul 17, 2012 3:02 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 3:00 pm

Memory in C++ is a leaky abstraction .

rpiswag
Posts: 804
Joined: Mon May 19, 2014 10:04 pm

Re: Is My Pi Safe?

Sat Apr 04, 2015 3:17 pm

But does this really make the security better, because each computer only gets 6 retries and after that they can't keep brute forcing? They could get the password in six tries, but what are the chances of someone being able to guess a password that is 40 characters long and completely random, with numbers, letters and special characters? Thank you for the link.
