annoying brute force attack attempt using ssh
Jason Turning
jturning at sbcglobal.net
Wed May 21 04:41:55 UTC 2008
Gerry Doris wrote:
>
>
> Tim Evans wrote:
>> Scott van Looy wrote:
>>
>>> So I ran
>>> iptables -A INPUT -s 193.239.125.119 -j DROP
>>>
>>
>> This is likely a losing battle, as you'll never be able to keep adding
>> rules for individual IP's.
>>
>> You can, however, configure iptables to *allow* only a specified list of
>> IP addresses (i.e., the ones you approve of).
>>
>> You should also configure sshd to allow only a specified list of users.
>> man sshd_config for details.
>>
>> If this is not manageable, take a look at denyhosts
>> (http://denyhosts.sourceforge.net/)
>>
>>
> These are script kiddies. Changing ssh to a non standard port instead
> of the default 22 will also eliminate the attacks. This is useful if
> your users move around and have different ip's.
>
>
Or install Denyhosts and allow it to sync with the server. This will limit how
many times they get a chance to login and then refuse the connection. But most
have already been reported by other Denyhosts users and blocked automatically.
--
Jason Turning
jturning at sbcglobal.net
-----
http://www.bugz.homeunix.net:8000/
More information about the fedora-list
mailing list