Alex Samad wrote: > Seems like I am getting attacked from these ip's > 59.124.57.147 > 61.180.85.226 > 155.230.106.163 > 202.107.245.4 > > 202.188.161.66 > 210.164.31.91 > 212.210.63.18 > 219.149.182.145 > 219.94.132.52 > > any one else seeing any new activity ? I currently have rate limiting on ssh > attempts so not to bothered (it also key only)
Our server at home regularly gets hammered, with my twice-daily logcheck digest informing me of several unique IPs that have failed logins. A few days ago, I myself noticed an increase of the activity, so I installed DenyHosts[1], a Python daemon that monitors the auth.log for such failed logins via SSH, and automatically adds the IPs to /etc/hosts.deny. Might be worth trying out. But then again, if you have key-only authentication, it's probably not worth it for you. [1] http://denyhosts.sourceforge.net/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
