Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 9 Oct 2009 14:45:51 -0700 (PDT)
From:      Aflatoon Aflatooni <aaflatooni@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Security blocking question
Message-ID:  <526808.11391.qm@web56207.mail.re3.yahoo.com>
next in thread | raw e-mail | index | archive | help 
Hi,=0AThe production server that has a public IP address has SSH enabled. T=
his server is continuously under dictionary attack:=0AOct=A0 8 12:58:40 sev=
en sshd[32248]: Invalid user europa from 83.65.199.91=0AOct=A0 8 12:58:40 s=
even sshd[32250]: Invalid user hacked from 83.65.199.91=0AOct=A0 8 12:58:40=
 seven sshd[32251]: Invalid user cop\r from 83.65.199.91=0AOct=A0 8 12:58:4=
1 seven sshd[32254]: Invalid user gel from 83.65.199.91=0AOct=A0 8 12:58:41=
 seven sshd[32255]: Invalid user dork from 83.65.199.91=0AOct=A0 8 12:58:41=
 seven sshd[32258]: Invalid user eva from 83.65.199.91=0AOct=A0 8 12:58:41 =
seven sshd[32260]: Invalid user hacker from 83.65.199.91=0AOct=A0 8 12:58:4=
1 seven sshd[32261]: Invalid user copila\r from 83.65.199.91=0AOct=A0 8 12:=
58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91=0AOct=A0 8 12=
:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91=0AOct=A0 8 12=
:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91=0AOct=A0 8 1=
2:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91=0AOct=A0 8 1=
2:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91=0AOct=A0 =
8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91=0AOct=
=A0 8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91=0AOc=
t=A0 8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91=0A=0A=
Is there a way that I could configure the server so that if there are for e=
xample=A0X attempts from an IP address then for the next=A0Y hours all the =
SSH requests would be ignored from that IP address? =0AThere are only a han=
dful of people who have access to that server.=0A=0AThanks=0A=0A=0A=0A     =

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?526808.11391.qm>