On Tue, 11 Apr 2006, Justin Findlay wrote:
On 4/11/06, Wade Preston Shearer <[EMAIL PROTECTED]> wrote:
My server can get up ~12,000 [1] failed log in attempts recorded in
my server's logs in one day. How much of a concern should this be? I
am aware of restricting shell access to certain IPs. Will that
restrict the handshake or will I still see the attempts in my logs?
Are there any ways to restrict the attempts?
What I've done: 1. Change ssh port to a random non privileged, non
used port. 2. Use good passwords. 3. Install DenyHosts and change
the default "protective" settings to "brutally unforgiving" as in
after 5 tries at a password on any account real or fantastic, that
host is denied all services for forever.
You might want to read a recent SLLUG thread on this.
http://www.sllug.org/pipermail/sllug-members/2006-March/007499.html
Justin
As Justin suggests, there are scripts out there that will block any
attempts from a single IP after a certain number of tries. I use one on
my web hosting servers and it keeps the traffic down greatly. Massive
login attempts can cause DOS, which is a bad thing in the web hosting
business, as you know.
Jonathan
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
