Login attacks
Sean
seanlkml at sympatico.ca
Tue Dec 7 20:37:13 UTC 2004
On Tue, December 7, 2004 3:24 pm, Michael Yep said:
> Hello
>
> In my LogWatch report I get many login attacks, many from the same IP
> address.
>
> sshd:
> Authentication Failures:
> root (218.232.109.187): 59 Time(s)
> adm (218.232.109.187): 2 Time(s)
> apache (218.232.109.187): 1 Time(s)
> nobody (218.232.109.187): 1 Time(s)
> operator (218.232.109.187): 1 Time(s)
> Invalid Users:
> Unknown Account: 43 Time(s)
>
> I have permitRootLogin set to NO, and I use strong passwords, but can I
> just add these IP addresses to hosts.deny?
> and if so how would I set that up
>
Hi Michael,
Sounds like you have a good setup. To deny that address add this line to
your hosts.deny:
sshd: 218.232.109.187
Also, you might want to report the abuse to the owner of the IP address.
Doing a "whois 218.232.109.187" returns:
[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-106-2
Fax : +82-2-6266-6483
E-Mail : abuse at hanaro.com
Cheers,
Sean
> Development / Technical Operations
> RemoteLink, Inc.
>
>
More information about the fedora-list
mailing list