From owner-freebsd-questions@FreeBSD.ORG  Sun Feb 12 10:41:08 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 77E0B16A420
	for <freebsd-questions@freebsd.org>;
	Sun, 12 Feb 2006 10:41:08 +0000 (GMT) (envelope-from lars@gmx.at)
Received: from mail.gmx.net (mail.gmx.de [213.165.64.21])
	by mx1.FreeBSD.org (Postfix) with SMTP id A467943D45
	for <freebsd-questions@freebsd.org>;
	Sun, 12 Feb 2006 10:41:07 +0000 (GMT) (envelope-from lars@gmx.at)
Received: (qmail invoked by alias); 12 Feb 2006 10:41:06 -0000
Received: from 140.95.62.81.cust.bluewin.ch (EHLO [192.168.1.10])
	[81.62.95.140]
	by mail.gmx.net (mp032) with SMTP; 12 Feb 2006 11:41:06 +0100
X-Authenticated: #912863
Message-ID: <43EF10CD.6090003@gmx.at>
Date: Sun, 12 Feb 2006 11:41:17 +0100
From: lars <lars@gmx.at>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
CC: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
References: <1059667590.20060212073915@mail333.com>
	<1139736497.17153.14.camel@lmail.bathnetworks.co.uk>
In-Reply-To: <1139736497.17153.14.camel@lmail.bathnetworks.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Subject: Re: incorrect logins
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: lars@gmx.at
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Feb 2006 10:41:08 -0000

Robert Slade wrote:
> On Sun, 2006-02-12 at 04:39, Playnet wrote:
>> Hello FreeBSD,
>>
>>   I see many records as
>> Feb 10 21:08:55 sstand sshd[84600]: Failed password for root from 61.218.130.20 port 46356 ssh2
>>
>> How can i block these IP, who try "root" as login?
>> Have any soft in ports?
> 
> In the default setup of SSH, root login is disabled. Check the manual
> for ssh.
> 
> As for blocking Ips check hosts_deny and hosts_allow.
> 
> I would recommend that you block the ssh port at you firewall for stop
> remote logons via ssh etc.
> 
> Rob 

Either you
1	configure SSH to only allow logins from certain hostnames or IP 	 
addresses or for certain users, and/or

2	install a program to watch your logfiles and modify your 			firewall 
rules dynamically according to specified triggers,
	like /usr/ports/security/denyhosts, and/or

3	choose strong passwords or -phrases and not care