Login attacks
Gerry Doris
gdoris at rogers.com
Tue Dec 7 22:46:50 UTC 2004
On Tue, 2004-12-07 at 15:24, Michael Yep wrote:
> Hello
>
> In my LogWatch report I get many login attacks, many from the same IP address.
>
> sshd:
> Authentication Failures:
> root (218.232.109.187): 59 Time(s)
> adm (218.232.109.187): 2 Time(s)
> apache (218.232.109.187): 1 Time(s)
> nobody (218.232.109.187): 1 Time(s)
> operator (218.232.109.187): 1 Time(s)
> Invalid Users:
> Unknown Account: 43 Time(s)
>
> I have permitRootLogin set to NO, and I use strong passwords, but can I
> just add these IP addresses to hosts.deny?
> and if so how would I set that up
>
>
>
> Michael Yep
> Development / Technical Operations
> RemoteLink, Inc.
I had so many problems with the 218.0.0.0/24 domain that I totally
blocked the entire domain. I believe this domain is in Korea.
--
Gerry Doris <gdoris at rogers.com>
More information about the fedora-list
mailing list