Steve Holdoway wrote:
> ...after a bit more investigation, here's my /etc/hosts.deny, based on the
> 25,000 attempts in the last month!

If you really can't lock down to whitelist-only, run DenyHosts from
http://denyhosts.sf.net

It runs as a daemon, every 30 seconds looks for bad guys in auth.log,
and adds them to hosts.deny.

You also run a purge every day or so, which will take out old entries.
This prevents hosts.deny getting so long that all tcpwrappered services
take too long to do checks.

Of course, whitelist yourself first :-) Or, if your machine is on a
dynamic address and you haven't set up a VPN, whitelist all the other
fixed-IP address machines you have, so you can log in via them at least.

-jim
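The loop Jim describes (scan auth.log for repeated failures, append the source to hosts.deny, whitelist your own addresses first, and purge stale entries so tcp_wrappers lookups stay fast) is small enough to show end to end. The block below is an added example written for this page; it is not DenyHosts's code and does not reproduce its file format. Everything in it is constructed or assumed: the sample auth.log lines use RFC 5737 documentation addresses, the failure threshold and whitelist are arbitrary, and the `# denied YYYY-MM-DD` marker line that dates each entry for later purging is this example's own convention (tcp_wrappers ignores lines beginning with `#`, so the marker is harmless to the access check).

```python
# Added example for this page, not DenyHosts's own code. Assumed/constructed:
# the sample log, the IPs, the threshold, the whitelist, and the
# "# denied YYYY-MM-DD" marker line used to date hosts.deny entries.
import ipaddress
import re
from collections import Counter
from datetime import date, timedelta

# Constructed auth.log excerpt (RFC 5737 documentation addresses, not real hosts).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 host sshd[1203]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 10:01:19 host sshd[1205]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 10:02:01 host sshd[1210]: Failed password for invalid user test from 198.51.100.23 port 51002 ssh2
Mar  3 10:02:30 host sshd[1212]: Accepted publickey for jim from 192.0.2.10 port 52000 ssh2
Mar  3 10:03:44 host sshd[1220]: Failed password for invalid user oracle from 192.0.2.10 port 52010 ssh2
Mar  3 10:03:45 host sshd[1221]: Failed password for invalid user oracle from 192.0.2.10 port 52011 ssh2
Mar  3 10:03:46 host sshd[1222]: Failed password for invalid user oracle from 192.0.2.10 port 52012 ssh2
"""

# OpenSSH logs "Failed password for USER from IP" and
# "Failed password for invalid user USER from IP"; capture the IP in either form.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")
DENIED_MARK_RE = re.compile(r"^# denied (\d{4}-\d{2}-\d{2})$")  # example's own marker
DENY_ENTRY_RE = re.compile(r"^sshd: (\S+)$")


def count_failures(log_text):
    """Count failed-password attempts per source IP in an auth.log excerpt."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def offenders(counts, threshold, whitelist):
    """IPs at or above threshold that fall outside every whitelisted network.

    The whitelist is checked before anything is denied: a bad threshold must
    never lock out the addresses you administer from ("whitelist yourself first").
    """
    nets = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    hits = []
    for ip, n in counts.items():
        if n >= threshold and not any(ipaddress.ip_address(ip) in net for net in nets):
            hits.append(ip)
    return sorted(hits)


def render_deny(entries):
    """Render (date_or_None, ip) pairs as hosts.deny text; dated entries get a marker line."""
    out = []
    for added, ip in entries:
        if added is not None:
            out.append(f"# denied {added.isoformat()}")
        out.append(f"sshd: {ip}")
    return "\n".join(out) + ("\n" if out else "")


def parse_deny(deny_text):
    """Inverse of render_deny. Hand-written entries with no marker get date None."""
    entries, pending = [], None
    for line in deny_text.splitlines():
        m = DENIED_MARK_RE.match(line)
        if m:
            pending = date.fromisoformat(m.group(1))
            continue
        m = DENY_ENTRY_RE.match(line)
        if m:
            entries.append((pending, m.group(1)))
        pending = None
    return entries


def purge(entries, today, max_age_days):
    """Drop dated entries older than max_age_days; undated (manual) entries are kept."""
    cutoff = today - timedelta(days=max_age_days)
    return [(added, ip) for added, ip in entries if added is None or added >= cutoff]


def update_deny(deny_text, log_text, today, threshold, whitelist, max_age_days):
    """One daemon pass plus purge: return the new hosts.deny text."""
    entries = purge(parse_deny(deny_text), today, max_age_days)
    known = {ip for _, ip in entries}
    for ip in offenders(count_failures(log_text), threshold, whitelist):
        if ip not in known:
            entries.append((today, ip))
    return render_deny(entries)


def run_demo():
    """Constructed starting hosts.deny: one manual entry, one stale dated entry."""
    existing = "sshd: 198.51.100.99\n# denied 2009-01-01\nsshd: 203.0.113.200\n"
    return update_deny(existing, SAMPLE_AUTH_LOG, date(2009, 3, 3),
                       threshold=3, whitelist=["192.0.2.0/24"], max_age_days=7)


if __name__ == "__main__":
    print(run_demo(), end="")
```

With the constructed input, 192.0.2.10 has three failures but sits inside the whitelisted 192.0.2.0/24 and is never denied, 203.0.113.7 is added, the stale entry from January is purged, and the undated manual entry survives. A real deployment would also want to remember that hosts.allow is consulted before hosts.deny, so a permanent allow entry for your management hosts is the safer place for the whitelist than a comment in the deny file.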
