On Sat, Aug 23, 2008 at 4:59 PM, Bob La Quey <[EMAIL PROTECTED]> wrote:
> I appear to have had a ssh attack on my linode.com box.
>
> The auth.log has many lines of this sort of thing:
>
> Aug 23 11:23:54 ubuntu sshd[13108]: Failed password for invalid user
> calisto from 210.143.97.153 port 33742 ssh2

Install denyhosts. It monitors ssh traffic and puts IPs that repeatedly try to access your box into /etc/hosts.deny (thereby refusing all attempted TCP connections from that address). I get similar attacks on my Linode all the time (I have the same $20/month plan as you), but it doesn't affect my CPU use terribly with denyhosts running.

By the way, I also use hosts.allow and hosts.deny to refuse all traffic to any ports except 22 and 80. I know I should also implement this in iptables, since that outright refuses packets instead of the TCP wrapper that accepts the packets and just refuses the connection... however, the wrapper does work just fine, at least for now.

--
Brad Beyenhof . . . . . . . . . . . . . . . . . http://augmentedfourth.com
If the world were merely seductive, that would be easy. If it were merely challenging, that would be no problem. But I arise in the morning torn between a desire to improve the world and a desire to enjoy the world. This makes it hard to plan the day.
~ E.B. White, writer (1899-1985)

--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
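
The kind of log monitoring described in the reply above, as an added example that is not part of the original post and is not DenyHosts' own code: it counts sshd "Failed password" lines per source IP and emits TCP-wrapper `hosts.deny` entries. The threshold, the allow-list and every sample line except the one quoted in the thread are assumptions constructed for the example.

```python
import re
from collections import Counter

# Anchored at end of line with a greedy user field: the user name is
# attacker-controlled text, so a name containing " from 198.51.100.7 port 1 ssh2"
# must not be read as the source address. Only the final "from IP" counts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)
THRESHOLD = 3  # assumed for this example, not a DenyHosts default


def count_failures(lines):
    """Count failed-password attempts per source IP."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            hits[m.group("ip")] += 1
    return hits


def deny_entries(lines, threshold=THRESHOLD, allow=()):
    """Return hosts.deny lines (TCP wrappers syntax) for IPs at or over the
    threshold. Addresses in `allow` are never listed, so an admin's own
    address cannot lock itself out after a few mistyped passwords."""
    hits = count_failures(lines)
    return [f"sshd: {ip}" for ip, n in sorted(hits.items())
            if n >= threshold and ip not in allow]


# Constructed sample log; only the first entry is the line quoted in the thread.
SAMPLE_LOG = [
    "Aug 23 11:23:54 ubuntu sshd[13108]: Failed password for invalid user calisto from 210.143.97.153 port 33742 ssh2",
    "Aug 23 11:23:57 ubuntu sshd[13110]: Failed password for invalid user admin from 210.143.97.153 port 33790 ssh2",
    "Aug 23 11:24:01 ubuntu sshd[13112]: Failed password for root from 210.143.97.153 port 33811 ssh2",
    # User name crafted to look like a different source address.
    "Aug 23 11:30:12 ubuntu sshd[13140]: Failed password for invalid user x from 198.51.100.7 port 1 ssh2 from 203.0.113.5 port 40112 ssh2",
] + ["Aug 23 12:02:40 ubuntu sshd[13201]: Failed password for alice from 192.0.2.10 port 50022 ssh2"] * 3

if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG, allow={"192.0.2.10"})))
```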