Why is your fly open to the world?

Image: "Your Fly Is Open" by Nikowsk, 26 August 2017, https://commons.wikimedia.org/wiki/File:Your_Fly_Is_Open.jpg

Do you walk around often with your fly open? In a word, NO! So why is your IT stuff open to the world? Think about it…

After years of experiencing consistent and repetitive attacks on the secure shell and WordPress login, I started to wonder why that was occurring. What is the reason that there are continuous attacks on the shell and login? Because my stuff was open to the world, plain and simple. The barn door is open, son.

Do you travel and work throughout the world? Do you administer your server, firewall, or whatnot from random countries and places like Brazil, Hong Kong, Singapore, Moscow, Nigeria, the Netherlands, etc.? If you do, well, this article isn’t for you, I’m jealous, and please feel free to move along. However, if you are like most workers who have remote logins, the locations from which you log in are rather limited, right? And hence the IP addresses you log in from are usually also limited.

Got Control?

If you have control of your server firewall and you have a static or semi-static IP address, you may be able to set your firewall so that services only respond to requests from your IP address or from a small block of IP addresses surrounding it. Depending on the kind of account you have with your ISP, you may have a static address, or one that changes infrequently. Commercial accounts predominantly have static IP addresses.

If your server is on AWS/EC2, you have full control of your firewall. Other providers of cloud infrastructure also allow full control of the firewall. My recommendations here are to:

  • Set your firewall so the secure shell is only open to YOUR IP address or the /24 CIDR block around your IP address.
  • Configure .htaccess so you can log in to WordPress ONLY from YOUR IP address or the /24 CIDR block around your IP address.

That stops all the bullshit, fait accompli!
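Here is a worked example of both recommendations, added to this post and not taken from it: a small POSIX shell script that reduces your address to its /24 and emits an Apache 2.4 `.htaccess` fragment for `wp-login.php` plus the matching iptables rules for port 22. The address 203.0.113.45 is a constructed documentation value, not a real one; on AWS the same CIDR goes into a security-group rule instead of iptables.

```shell
#!/bin/sh
# Added example (not from the original post): restrict SSH and the WordPress
# login page to the /24 block around one IPv4 address.
# 203.0.113.45 is a constructed example address; substitute your own.

# Reduce an IPv4 address to its /24 network, e.g. 203.0.113.45 -> 203.0.113.0/24.
# Returns 1 (and prints nothing) on anything that is not four valid octets.
to_cidr24() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  printf '%s.%s.%s.0/24\n' "$1" "$2" "$3"
}

# .htaccess fragment (Apache 2.4 "Require" syntax): only the /24 may reach
# wp-login.php; everyone else gets a 403 before WordPress even runs.
htaccess_for() {
  net=$(to_cidr24 "$1") || return 1
  cat <<EOF
<Files wp-login.php>
    Require ip $net
</Files>
EOF
}

# iptables rules for the secure shell: accept from the /24, then drop the
# rest of port 22. Order matters, so the ACCEPT is appended first.
ssh_rules_for() {
  net=$(to_cidr24 "$1") || return 1
  printf 'iptables -A INPUT -p tcp --dport 22 -s %s -j ACCEPT\n' "$net"
  printf 'iptables -A INPUT -p tcp --dport 22 -j DROP\n'
}

# Print the rules for review; nothing is applied to the running system.
htaccess_for 203.0.113.45
ssh_rules_for 203.0.113.45
```

Review the printed rules from a session you can still get back into, then paste the fragment into the WordPress directory's `.htaccess` and run the iptables lines (or add the CIDR to your security group).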

The caveat is: don’t screw yourself by locking yourself out of your server. Always have an out. On cloud service providers you usually do. Did you do your snapshots? No? It really sucks to have to generate a new AMI from missing snapshots… Also, be prepared to update your firewall rules if your ISP changes your IP address.

So, what are you waiting for? Zipper up that fly, boy!