Ports, to switch or not to switch?

I’m setting up a new webserver, and many places recommend using non-standard ports for ssh and sftp, to protect against brute force attack from drive by hacker bots. But I’ve also seen some references that doing so provides a false sense of security and can also be detrimental. I switched the ports and saw brute force attacks drop precipitously, but with all the other security measures that I’ve implemented, should I consider switching them back to the default?

4 Likes

Meh, why bother? Switching back adds nothing of value over leaving as is.

6 Likes

I think it’s a false sense of security if that’s the only measure you take, but you’ve already seen the benefit so why would you change back?

6 Likes

I would guess that the false sense of security is only an issue for those who might hope that obscuring their ports would make the server sufficiently secure. I doubt that it ever hurts to do, only it isn’t a substitute.

ETA: Ninjad!

4 Likes

One very useful thing about drastically cutting back on brute force attacks: if you continue monitoring login attempts (as I hope you would), this makes it much easier to focus on attacks that are more of a threat than the random dumb bots that are always scanning for easy targets.

This also makes it easier to focus on the other possible routes in. For webservers, in my experience, unless you’re doing shared hosting with users who are permitted to have bad password habits, SSH usually isn’t the route in that will get you… it’s a possibility, but you’re more likely to get hit on an exploitable web app that doesn’t have other layers of defense locked down.

3 Likes
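An added example, not part of the thread, of the login-attempt triage the post above describes: once the bot traffic has dropped, separate dictionary guessing from failures against accounts that actually exist. The log lines are constructed samples in OpenSSH's standard message format; the `UBIQUITOUS` set and the `triage` helper are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Greedy (.*) binds to the LAST " from <ip> port N ssh2", so a username
# that itself contains " from 1.2.3.4" cannot spoof the source address.
FAILED = re.compile(r"Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2")
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")

# Assumption: names every bot guesses, counted as noise even though they exist.
UBIQUITOUS = {"root"}

# Constructed sample input (documentation-range addresses).
SAMPLE = [
    "Jan 10 03:12:01 web sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2",
    "Jan 10 03:12:04 web sshd[811]: Failed password for invalid user test from 203.0.113.5 port 40114 ssh2",
    "Jan 10 03:12:09 web sshd[812]: Failed password for root from 203.0.113.5 port 40120 ssh2",
    "Jan 10 09:41:30 web sshd[990]: Failed password for deploy from 198.51.100.7 port 51200 ssh2",
    "Jan 10 09:41:52 web sshd[991]: Accepted password for deploy from 198.51.100.7 port 51204 ssh2",
]

def triage(lines):
    """Return (review, noise): sources worth a human look vs. background guessing."""
    stats = defaultdict(lambda: {"noise": 0, "real_accounts": set(), "success_after_fail": False})
    for line in lines:
        m = FAILED.search(line)
        if m:
            invalid, user, ip = m.groups()
            if invalid or user in UBIQUITOUS:
                stats[ip]["noise"] += 1               # sshd says the account does not exist
            else:
                stats[ip]["real_accounts"].add(user)  # the source knows a real account name
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.groups()
            seen = stats.get(ip)                      # .get() avoids creating an empty entry
            if seen and (seen["noise"] or seen["real_accounts"]):
                seen["success_after_fail"] = True     # failures followed by a successful login
    review = {ip: s for ip, s in stats.items()
              if s["real_accounts"] or s["success_after_fail"]}
    noise = {ip: s["noise"] for ip, s in stats.items() if ip not in review}
    return review, noise

if __name__ == "__main__":
    review, noise = triage(SAMPLE)
    print("review:", review)
    print("noise:", noise)
```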

I was surprised to see someone was knocking on the exim door this morning.

2 Likes

:notes: Knock, Knock, Knocking on Exim’s Door… :notes:

4 Likes

(groans and applauds)

3 Likes