attack
Corey
coreyhead at gmail.com
Mon May 9 15:00:13 UTC 2005
Sam Varshavchik wrote:
> roland brouwers writes:
>
>>
>> Hello everybody,
>>
>> Someone is attacking for a certain time on port SSH2
>> He is trying to login as root and uses all kind of usernames.
>> See annexed textfile
>> How can I block a user after x failed logins?
>> Can I do something else?
>
You can also set up hosts.allow and hosts.deny to only allow specific IP
addresses to SSH into your system.
For /etc/hosts.allow:
sshd: LOCAL, 123.456.789.000
Put in the IP addresses of administrators on outside networks separated
by commas.
For /etc/hosts.deny:
sshd: ALL
Unfortunately, if you have dynamic IP addresses that need to get in, you
won't be able to use this feature.
Corey
More information about the fedora-list
mailing list