break-in attempts on my server

dsr at tao.merseine.nu
Sun Nov 20 18:01:21 EST 2005


On Sun, Nov 20, 2005 at 05:44:09PM -0500, Kent Borg wrote:
> On Sun, Nov 20, 2005 at 05:15:35PM -0500, David Kramer wrote:
> > Is there *anything* else I can do?  There's hundreds of these attempts.
> 
> If you have good passwords, they won't get in.  I get tons of attempts
> most days and I don't worry about them.

If you have well-secured private keys, they can't guess the
password, no matter what.

> If you want to slow them down I have seen suggestions to have your
> iptables automatically blackhole the IP address of anyone who tries
> too many times to login and fails.  The blackhole expires after a time
> so you don't collect a bunch of dynamic IP addresses that are later
> innocent.
> 
> https://www.redhat.com/archives/fedora-list/2005-May/msg01323.html

This is also a useful step.

Oh, and SSHAllowUsers -- reject idiot attempts "Admin, backup,
cvs, daemon..." and just allow the four users who actually come
in remotely.

-dsr-
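
[Added example, not part of the original message or of the linked Red Hat post: a small Python sketch of the two ideas in this reply, a temporary per-address block that expires, and an allow-list of remote users (what OpenSSH's `AllowUsers` directive in sshd_config enforces). The log lines, addresses, thresholds, the user `alice` and the function names `plan_blocks` and `outside_allowlist` are all constructed assumptions.]

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (not taken from the thread).
SAMPLE_LOG = """\
Nov 20 17:01:02 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Nov 20 17:01:05 host sshd[4102]: Failed password for invalid user backup from 192.0.2.10 port 40002 ssh2
Nov 20 17:01:09 host sshd[4103]: Failed password for invalid user cvs from 192.0.2.10 port 40003 ssh2
Nov 20 17:02:30 host sshd[4110]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Nov 20 17:03:00 host sshd[4111]: Accepted publickey for alice from 198.51.100.7 port 51001 ssh2
Nov 20 17:20:00 host sshd[4200]: Failed password for root from 192.0.2.10 port 40100 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def plan_blocks(log, year=2005, max_fails=3, window=timedelta(minutes=1),
                ban=timedelta(minutes=10)):
    """Return [(ip, ban_start, ban_end)] for sources with max_fails failures in window."""
    recent, banned_until, blocks = {}, {}, []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it (assumption).
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(3)
        if banned_until.get(ip, ts) > ts:
            continue  # block still active; nothing new to decide for this source
        # Keep only failures inside the sliding window, then add this one.
        hits = [t for t in recent.get(ip, []) if ts - t <= window] + [ts]
        recent[ip] = hits
        if len(hits) >= max_fails:
            banned_until[ip] = ts + ban  # the block expires, as the reply suggests
            blocks.append((ip, ts, ts + ban))
            recent[ip] = []
    return blocks

def outside_allowlist(log, allowed):
    """Usernames tried that an allow-list of remote users would reject outright."""
    return sorted({m.group(2) for m in map(FAILED.match, log.splitlines())
                   if m and m.group(2) not in allowed})

if __name__ == "__main__":
    for ip, start, end in plan_blocks(SAMPLE_LOG):
        print(f"block {ip} from {start} until {end}")
    print("rejected by allow-list:", outside_allowlist(SAMPLE_LOG, {"alice"}))
```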
