[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Login attacks



On Tue, 2004-12-07 at 14:24 -0600, Michael Yep wrote:
> Hello
> 
> In my LogWatch report I get many login attacks, many from the same IP address.
> 
> sshd:
>     Authentication Failures:
>        root (218.232.109.187): 59 Time(s)
>        adm (218.232.109.187): 2 Time(s)
>        apache (218.232.109.187): 1 Time(s)
>        nobody (218.232.109.187): 1 Time(s)
>        operator (218.232.109.187): 1 Time(s)
>     Invalid Users:
>        Unknown Account: 43 Time(s)
> 
> I have permitRootLogin set to NO, and I use strong passwords, but can I 
> just add these IP addresses to hosts.deny?
> and if so how would I set that up

I tried to go down that road a few years back - whenever anyone tried to
probe my system I'd lock them out using iptables.

In not very much time my iptables rules were unmanageably long.  I found
that just disabling remote root login and enforcing strong passwords was
really the only way to deal with this kind of thing.

Thomas


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]