On Wed, Aug 01, 2007 at 11:27:38PM +1000, Jeremy Visser wrote: > Alex Samad wrote: > > Seems like I am getting attacked from these ip's > > 59.124.57.147 > > 61.180.85.226 > > 155.230.106.163 > > 202.107.245.4 > > > > 202.188.161.66 > > 210.164.31.91 > > 212.210.63.18 > > 219.149.182.145 > > 219.94.132.52 > > > > any one else seeing any new activity ? I currently have rate limiting on > > ssh > > attempts so not to bothered (it also key only) > > Our server at home regularly gets hammered, with my twice-daily logcheck > digest informing me of several unique IPs that have failed logins. > > A few days ago, I myself noticed an increase of the activity, so I > installed DenyHosts[1], a Python daemon that monitors the auth.log for > such failed logins via SSH, and automatically adds the IPs to > /etc/hosts.deny. Might be worth trying out. > used to have my own script that looked through log and placed a iptables DROP command for that ip address, ran on an hourly cron, but I moved my firewall to openwrt and there isn't really anything on the firewall box. plus I did not have all the tool there to manage file process.
> But then again, if you have key-only authentication, it's probably not > worth it for you. Yeah also have iptables recent and limit to 4 per hour. Just interesting to see a lot more attacks > > [1] http://denyhosts.sourceforge.net/ > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html >
signature.asc
Description: Digital signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
