On Wed, 15 Nov 2006 18:51:02 +0000 Shri Shrikumar <[EMAIL PROTECTED]> wrote:
> Hi All, > > I have a few servers on which there is a regular penetration > attempts using brute force password guessing bots. > > There is little risk to the server but am getting more and more > annoyed by this and as far as I can see am left with two options. > > 1. Report each ip address that does this. However, a lot of them > seems to be from asia with no proper abuse@ address to contact. > Additionally, this can be very time consuming. > > 2. Change the port number that ssh uses to something else. This > has the annoyance that I need to pass the new port number in each > time I want to log-in. > > 3. Ignore the issue. Very annoying since logwatch and logcheck > constantly complain about it. However, I can add filters so it > annoys me less. > > Is there a another option? Alternatively, is there a way of > automatically reporting offending ip's? > > Any input in this matter greatly appreciated. > > Best Wishes, > > > Shri > I assume you're using a firewall? Give anyone who tries to access ssh a couple of attempts in a minute, then it drops them. -- Raquel ============================================================ What is hateful you do not do to your neighbor: that is the whole Torah. --Shammai -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
