On Tue, Apr 11, 2006 at 08:55:56PM -0600, Wade Preston Shearer wrote: > My server can get up ~12,000 [1] failed log in attempts recorded in > my server's logs in one day. How much of a concern should this be? I > am aware of restricting shell access to certain IPs. Will that > restrict the handshake or will I still see the attempts in my logs? > Are there any ways to restrict the attempts? > >
I use denyhosts to take care of it for me. It uses the /etc/hosts.deny file to block, and watches the log to add things. I've also restricted sshd with and AllowUsers statement. I only get 10 or so attempts a day now. -- Scott Paul Robertson http://spr.mahonri5.net GnuPG FingerPrint: 09ab 64b5 edc0 903e 93ce edb9 3bcc f8fb dc5d 7601
signature.asc
Description: Digital signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
