Date: Fri, 31 Mar 2006 06:44:49 -0700
From: "Pat Maddox" <pergesu@gmail.com>
To: "Nathan Vidican" <nvidican@wmptl.com>
Cc: questions@freebsd.org
Subject: Re: repeated ssh login attempts/failure/break-in attempts from kiddy script
Message-ID: <810a540e0603310544j6434d4e1w51e9df2cfeaaf3bc@mail.gmail.com>
In-Reply-To: <442D31C6.5050700@wmptl.com>
References: <442D31C6.5050700@wmptl.com>

Disable password-based logins (use keys instead), move SSH to another
port, or install some kind of brute force monitor. First two options
are the best, but if for some reason you need to keep it on 22 and
password-based logins then look to a BF monitor.

Just make sure you actually need it... and do some googling, as this
gets talked about a lot (I know, because I asked the same question a
few months ago! :)

Pat

On 3/31/06, Nathan Vidican <nvidican@wmptl.com> wrote:
> Noted recently in auth.log, a string of connection attempts repeated/failed over
> and over from one host - looks like a script someone's running, tries all kinds
> of various usernames, etc... attempts like 100-200 logins, fails and goes away.
>
> Few hours go by, and another such attempt, from a different IP comes in. If I'm
> here and just happen to notice them - simple ipfw add deny... does the trick,
> but is there not a way to limit the login attempts for a certain period of time?
>
> ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny
> all attempts and drop connection from said IP... possible?
>
> Any suggestions/ideas? Thus far, no one has managed to login (there are only
> three accounts which even have a shell or can login via ssh... but still not the
> point). I'd just like to get rid of the problem and save my auth.log file for
> perhaps something more useful ;)
>
>
> --
> Nathan Vidican
> nvidican@wmptl.com
> Windsor Match Plate & Tool Ltd.
> http://www.wmptl.com/
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>