I would suggest using ssh with RSA key pairs and passphrases only. Dont
allow password based login or root login over ssh. Only allow root to
login using the console and use sudo for all admin tasks.
I have not tried this myself but you could use tcpwrappers and write a
script to add the IP address from repeated failed messages to the
hosts.deny file. There are various scripts already written to do this. A
quick goggle search found this
http://security.linux.com/article.pl?sid=05/09/15/1655234 (its about linux
but I am sure the same approach applies to FreeBSD.)
Hope this helps
[EMAIL PROTECTED] wrote on 09/05/2006 15:54:03:
> More and more each day I am seeing my root emails contain hundreds
> of entries like this:
> May 8 02:23:35 warpstone sshd: Failed password for root
> from 22.214.171.124 port 50519 ssh2
> May 8 16:37:41 warpstone ftpd: FTP LOGIN FAILED FROM 211.44.
> 250.152, Administrator
> Basically, people are attemtpting to hack into my server often
> with a few thousands of attempts each day. What measures can I take
> to stop these attempts? Is there a way I can detect these attacks
> and automatically cut them off? Are any of the security ports
> effective against this?
> Thank you!
> M Goodell
> Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low
> email@example.com mailing list
> To unsubscribe, send any mail to
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"