Hi Michael,

On Fri, 2005-02-11 at 03:02 +0000, Michael Thompson wrote:
> Sorry, should have looked before posting!
>
> I don't block any more, no point. The IPs change so frequently, I have
> never seen the same IP in any multiple attempts.
>

Yeah, they change, but they continue till I block them (lasts a couple of days sometimes).

> But if you want to use that code, it will search the message logs for
> Invalid users and add them to a blacklist. You should create the chain
> first, and call it from your INPUT chain.
>
> /sbin/iptables -N BLACKLIST
> /sbin/iptables -I INPUT 1 -p TCP --dport 22 -j BLACKLIST
>

Did that, thanks.

> Just call it from cron whenever is suitable for you. If you start
> getting iptables resource unavailable errors, remove the zcat lines, so
> that it is only searching the current log file.
>

Will keep that in mind.

> Better than having to run this code, run your SSHD Daemon on a
> non-standard port, such as 222, the scans will stop immediately.

Problem here is I usually access it from work and there's hardly any port open on my company firewall. I can only go outbound on 20, 22, 25, 80, 443, 110, 143 and all these ports are already in use on my box. So, I have no other option but to run ssh on port 22 only.

R'twick
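The log-scanning step described in the quoted text, as an added example (this is not the script discussed in the thread, which is not shown in this message). The function names, the THRESHOLD cut-off and the sample log lines are assumptions made for the example; it prints rules for the BLACKLIST chain instead of running them.

```shell
#!/bin/sh
# Added example, not the script discussed in the thread.
THRESHOLD=${THRESHOLD:-3}   # assumed cut-off: hits needed before blocking

# Constructed sample log (documentation address ranges, made-up host/users).
sample_log() {
    cat <<'EOF'
Feb 11 03:01:10 box sshd[2101]: Invalid user admin from 192.0.2.10
Feb 11 03:01:12 box sshd[2102]: Invalid user test from 192.0.2.10
Feb 11 03:01:15 box sshd[2103]: Invalid user guest from 192.0.2.10 port 4022
Feb 11 03:02:01 box sshd[2104]: Invalid user oracle from 198.51.100.7
Feb 11 03:02:30 box sshd[2105]: Accepted password for alice from 198.51.100.7
Feb 11 03:02:40 box sshd[2106]: Invalid user x from 192.0.2.99 from 203.0.113.5
Feb 11 03:02:41 box sshd[2107]: Invalid user x from 192.0.2.99 from 203.0.113.5
Feb 11 03:02:42 box sshd[2108]: Invalid user x from 192.0.2.99 from 203.0.113.5
EOF
}

# stdin: syslog text. stdout: sorted IPv4 sources with >= THRESHOLD hits.
blacklist_candidates() {
    awk -v min="$THRESHOLD" '
        function valid_ipv4(s,   o, i) {
            if (split(s, o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        /sshd\[[0-9]+\]: Invalid user / {
            # The user name is remote-supplied text and may contain " from ",
            # so trust only what follows the LAST " from " on the line.
            n = split($0, part, " from ")
            split(part[n], tok, " ")   # drops a trailing "port N" if present
            if (valid_ipv4(tok[1])) hits[tok[1]]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' | sort
}

# stdin: addresses. stdout: DROP rules for the BLACKLIST chain (printed, not
# run). $1: optional file of already-blocked addresses, which are skipped.
emit_rules() {
    known=${1:-/dev/null}
    while read -r ip; do
        grep -qxF "$ip" "$known" && continue
        printf '/sbin/iptables -A BLACKLIST -s %s -j DROP\n' "$ip"
    done
}

sample_log | blacklist_candidates | emit_rules
```

Keeping a file of addresses already blocked and passing it to emit_rules stops repeated cron runs from appending duplicate rules to the chain.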
