Login attacks

[Gene Heskett]

On Tuesday 07 December 2004 17:46, Gerry Doris wrote:
>On Tue, 2004-12-07 at 15:24, Michael Yep wrote:
>> Hello
>>
>> In my LogWatch report I get many login attacks, many from the same
>> IP address.
>>
>> sshd:
>>     Authentication Failures:
>>        root (218.232.109.187): 59 Time(s)
>>        adm (218.232.109.187): 2 Time(s)
>>        apache (218.232.109.187): 1 Time(s)
>>        nobody (218.232.109.187): 1 Time(s)
>>        operator (218.232.109.187): 1 Time(s)
>>     Invalid Users:
>>        Unknown Account: 43 Time(s)
>>
>> I have permitRootLogin set to NO, and I use strong passwords, but
>> can I just add these IP addresses to hosts.deny?
>> and if so how would I set that up
>>
>>
>>
>> Michael Yep
>> Development / Technical Operations
>> RemoteLink, Inc.
>
>I had so many problems with the 218.0.0.0/24 domain that I totally
>blocked the entire domain.  I believe this domain is in Korea.
>
>--
>Gerry Doris <gdoris at rogers.com>

Another that bears blocking completely is 64.0.0.0/24 as its 100%
spam of the non-edible variety.  Ditto for 66.0.0.0/24.

Anybody else have any more to contribute?

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.30% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.