Mohd Syakir wrote:
Hi,
i have one centos 4.3 box, exposed to the internet. since several weeks ago, i found numerous attemps to connect through SSH, but failed.
they tried with many username, including root. it's comes from different IP. some of them are foreign website.
How do i make my centos become smarter in handling this kind of attacks.
eventhough i've disable all the user accounts, left only the admin accounts. making the password so hard, longer and combining alphabet, numbers and characters... yet i dont want the attackers keep on trying.
any suggestions?
I don't need to connect from many places, so this helps: summer@coco:~$ grep -i ss /etc/hosts.*[wy] /etc/hosts.allow:sshd: 192.168. 203.34. 220.235. 203.59. 203.55. 203.33. 202.72. 203.15.140. 203.33 /etc/hosts.deny:sshd: ALL summer@coco:~$
In fact, it works so well I get hardly any.
You can also use iptables to limit the rate at which connexions are accepted; they tend to go away when things time out.