[CentOS] Simple way to banish IP addresses ?

Craig White craigwhite at azapple.com
Fri Oct 9 19:41:55 UTC 2009


On Fri, 2009-10-09 at 20:35 +0200, Niki Kovacs wrote:
> Hi,
> 
> I just set up a web server... and my bandwidth is being eaten by some 
> chinese folks trying to brute-force-ssh their way into the machine.
> 
> Is there a simple way to banish either single IP addresses or, maybe 
> even better, whole IP classes ? I know it's feasible with iptables, but 
> is there something more easily configurable ?
----
Suggest you move ssh to another port (i.e. high numbered)

but whether you do or do not move the port sshd listens on, you should
install a package like denyhosts which after a specified number of
attempts, locks them out completely.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the CentOS mailing list