On 4/11/06, Wade Preston Shearer <[EMAIL PROTECTED]> wrote: > My server can get up ~12,000 [1] failed log in attempts recorded in > my server's logs in one day. How much of a concern should this be? I > am aware of restricting shell access to certain IPs. Will that > restrict the handshake or will I still see the attempts in my logs? > Are there any ways to restrict the attempts?
What I've done: 1. Change ssh port to a random non privileged, non used port. 2. Use good passwords. 3. Install DenyHosts and change the default "protective" settings to "brutally unforgiving" as in after 5 tries at a password on any account real or fantastic, that host is denied all services for forever. You might want to read a recent SLLUG thread on this. http://www.sllug.org/pipermail/sllug-members/2006-March/007499.html Justin /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
