I have a little SVN server, old dell optiplex running debian. I don't have that high demands on my server, because its just a little SVN server... but do want it to be secure.
I just renewed my server to a newer and better optiplex, and started looking a bit into the old server. I took it down after experiencing problems. When I check the logs, its full of brute-force attempts and somehow someone has succeeded to enter my machine. This person created some extra volume called "knarkgosse" with two dirs "root" and "swap1" or something. Don't really know why and what they do, but sure do want to prevent this from happening again. I find this a bit strange though because I change my password ever few months or so, and the passwords are always random letters and numbers put together... not easy to brute-force.
I know I can prevent root from logging in, and use sudoers... and change the SSH port, but what more can I do?
So I have a few questions:
How can I prevent logging in for 5 minutes after X amount of incorrect tries. Or slow tries down after each incorrect try?
Is there some kind of central blacklist which a server can connect to? A blacklist that keeps track of IP addresses that are "unsafe" and should never be granted access?
What more can I do to apply safety to my server?
Like I said earlier, I am running Debian 5 with Apache (www-data user problem?), svn, mysql, php, phpmyadmin, hudson. It is on a home network with port forwarding on 80, 443, 8080, 8180, 23 and 22.