Login attacks

Gerry Doris gdoris at rogers.com
Tue Dec 7 22:46:50 UTC 2004


On Tue, 2004-12-07 at 15:24, Michael Yep wrote:
> Hello
> 
> In my LogWatch report I get many login attacks, many from the same IP address.
> 
> sshd:
>     Authentication Failures:
>        root (218.232.109.187): 59 Time(s)
>        adm (218.232.109.187): 2 Time(s)
>        apache (218.232.109.187): 1 Time(s)
>        nobody (218.232.109.187): 1 Time(s)
>        operator (218.232.109.187): 1 Time(s)
>     Invalid Users:
>        Unknown Account: 43 Time(s)
> 
> I have permitRootLogin set to NO, and I use strong passwords, but can I 
> just add these IP addresses to hosts.deny?
> and if so how would I set that up
> 
> 
> 
> Michael Yep
> Development / Technical Operations
> RemoteLink, Inc.

I had so many problems with the 218.0.0.0/24 domain that I totally
blocked the entire domain.  I believe this domain is in Korea.

-- 
Gerry Doris <gdoris at rogers.com>




More information about the fedora-list mailing list