Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 9 Oct 2009 16:48:14 -0500
From:      Adam Vande More <amvandemore@gmail.com>
To:        Aflatoon Aflatooni <aaflatooni@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Security blocking question
Message-ID:  <6201873e0910091448h46c13ce4h2e9df8920a8fe27a@mail.gmail.com>
In-Reply-To: <526808.11391.qm@web56207.mail.re3.yahoo.com>
References:  <526808.11391.qm@web56207.mail.re3.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, Oct 9, 2009 at 4:45 PM, Aflatoon Aflatooni <aaflatooni@yahoo.com>wrote:

> Hi,
> The production server that has a public IP address has SSH enabled. This
> server is continuously under dictionary attack:
> Oct  8 12:58:40 seven sshd[32248]: Invalid user europa from 83.65.199.91
> Oct  8 12:58:40 seven sshd[32250]: Invalid user hacked from 83.65.199.91
> Oct  8 12:58:40 seven sshd[32251]: Invalid user cop\r from 83.65.199.91
> Oct  8 12:58:41 seven sshd[32254]: Invalid user gel from 83.65.199.91
> Oct  8 12:58:41 seven sshd[32255]: Invalid user dork from 83.65.199.91
> Oct  8 12:58:41 seven sshd[32258]: Invalid user eva from 83.65.199.91
> Oct  8 12:58:41 seven sshd[32260]: Invalid user hacker from 83.65.199.91
> Oct  8 12:58:41 seven sshd[32261]: Invalid user copila\r from 83.65.199.91
> Oct  8 12:58:42 seven sshd[32265]: Invalid user dorna from 83.65.199.91
> Oct  8 12:58:42 seven sshd[32264]: Invalid user gelo from 83.65.199.91
> Oct  8 12:58:42 seven sshd[32268]: Invalid user evara from 83.65.199.91
> Oct  8 12:58:43 seven sshd[32270]: Invalid user hack from 83.65.199.91
> Oct  8 12:58:43 seven sshd[32271]: Invalid user copil\r from 83.65.199.91
> Oct  8 12:58:43 seven sshd[32274]: Invalid user Doubled from 83.65.199.91
> Oct  8 12:58:43 seven sshd[32275]: Invalid user gelos from 83.65.199.91
> Oct  8 12:58:44 seven sshd[32278]: Invalid user eve from 83.65.199.91
>
> Is there a way that I could configure the server so that if there are for
> example X attempts from an IP address then for the next Y hours all the SSH
> requests would be ignored from that IP address?
> There are only a handful of people who have access to that server.
>
> Thanks
>
>
/usr/ports/security/denyhosts


-- 
Adam Vande More

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6201873e0910091448h46c13ce4h2e9df8920a8fe27a>