Naive Intrusion Attacks
I am, by the way, a random naive webmaster. But I am always willing to learn. I have the following scenario:
*x based dedicated server under my total management of everything except the physical datacentre. Apache and a few "interesting bits" to bolt down security, log of attempted intrusion, detection in so far as we can the undetectable intruder. And a darned good firewall. No exploitable scripts, complex logins and passwords, and all reasonable doors slammed shut against intrusion.
Daily we get probed from random Asia based IP addresses with unpleasantly large robot scripts that try to log in. Often the IP addresses are recognisable as being the nations and service providers that appear not to give a flying ***k about spammers. We assume people are trying for a free ride.
We don't actually want to block all Korean IP space, though we've considered it.
We're not particularly exercised about the attacks except that they use up system resources in denying access to them. Though, one day, a bulk forced login and password cracker could probably get in after a few billion attempts.
What we'd like is advice on anything simple other webmasters have done that we may have forgotten. Or anything complex.
What I am not going to do is list here everything we've done so you can say "Good boy!". That would be counterproductive. Nor do I expect any reply to contain a whole shopping list by itself. I am just hoping for each reply to contain one thing. This way we create a long list without exposing any individual's potential soft spot.