
Re: Login attacks



On Tue, December 7, 2004 3:24 pm, Michael Yep said:
> Hello
>
> In my LogWatch report I get many login attacks, many from the same IP
> address.
>
> sshd:
>     Authentication Failures:
>        root (218.232.109.187): 59 Time(s)
>        adm (218.232.109.187): 2 Time(s)
>        apache (218.232.109.187): 1 Time(s)
>        nobody (218.232.109.187): 1 Time(s)
>        operator (218.232.109.187): 1 Time(s)
>     Invalid Users:
>        Unknown Account: 43 Time(s)
>
> I have permitRootLogin set to NO, and I use strong passwords, but can I
> just add these IP addresses to hosts.deny?
> And if so, how would I set that up?
>
Hi Michael,

Sounds like you have a good setup.  To deny that address add this line to
your hosts.deny:

sshd: 218.232.109.187


Also, you might want to report the abuse to the owner of the IP address.
Doing a "whois 218.232.109.187" returns:

[ ISP Network Abuse Contact Information ]
Name               : Network Abuse
Phone              : +82-2-106-2
Fax                : +82-2-6266-6483
E-Mail             : abuse hanaro com


Cheers,
Sean

> Development / Technical Operations
> RemoteLink, Inc.
>
>
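
Added example, not part of the original messages: a Python sketch that reads a LogWatch-style sshd section like the one quoted above, totals authentication failures per source address across all accounts, and prints hosts.deny lines in the "sshd: <address>" form given in the reply. The threshold, the allowlist and the 192.0.2.44 entry are assumptions made for the illustration; the sample report is constructed from the quoted excerpt.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample modelled on the quoted report; 192.0.2.44 is an added test entry.
SAMPLE_REPORT = """\
sshd:
    Authentication Failures:
       root (218.232.109.187): 59 Time(s)
       adm (218.232.109.187): 2 Time(s)
       apache (218.232.109.187): 1 Time(s)
       nobody (218.232.109.187): 1 Time(s)
       operator (218.232.109.187): 1 Time(s)
       root (192.0.2.44): 2 Time(s)
    Invalid Users:
       Unknown Account: 43 Time(s)
"""
ENTRY = re.compile(r"^\s*(\S+) \(([^)]+)\): (\d+) Time\(s\)\s*$")

def failures_by_ip(report):
    """Sum sshd authentication failures per source IP across all accounts."""
    totals, in_section = Counter(), False
    for line in report.splitlines():
        stripped = line.strip()
        if stripped.endswith(":"):  # section header such as "Invalid Users:"
            in_section = stripped == "Authentication Failures:"
            continue
        m = ENTRY.match(line)
        if not (in_section and m):
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # hostname or malformed field: never emit it as a rule
        totals[str(ip)] += int(m.group(3))
    return totals

def deny_lines(report, threshold=10, allowlist=("127.0.0.0/8",)):
    """Return hosts.deny lines for addresses at or above the threshold."""
    keep = [ipaddress.ip_network(n) for n in allowlist]  # never block these
    out = []
    for ip, count in sorted(failures_by_ip(report).items()):
        addr = ipaddress.ip_address(ip)
        if count >= threshold and not any(addr in net for net in keep):
            out.append(f"sshd: {ip}")
    return out

if __name__ == "__main__":
    print("\n".join(deny_lines(SAMPLE_REPORT)))
```

Review the printed lines before appending them to hosts.deny, and put your own management networks in the allowlist so a mistyped password from an admin host cannot lock you out.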


