Toby Bluhm wrote:
Niki Kovacs wrote:
Hi,
I just set up a web server... and my bandwidth is being eaten by some Chinese folks trying to brute-force-ssh their way into the machine.
Is there a simple way to banish either single IP addresses or, maybe even better, whole IP classes? I know it's feasible with iptables, but is there something more easily configurable?
Cheers,
Try fail2ban from rpmforge.
Also, if you're using the standard fw that ships with CentOS, you can stop entire blocks of IPs by manually inserting rules after iptables starts:
iptables -I RH-Firewall-1-INPUT 1 -s 1.2.3.4/24 -p tcp --dport 22 -j DROP
IP ranges by country: http://www.countryipblocks.net/country-blocks/select-formats/
The IP ranges will change from time to time, so you have to check often. You could script in a download from http://www.countryipblocks.net/continents/ to keep it current.
Like someone said, if you have to keep ssh open to the world, changing the port number will dramatically cut down on the attempts.
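
Added example, not part of the original messages: one way to turn a downloaded block list into the per-range rules shown above. It assumes the list has one CIDR per line (the site's actual download format is not shown in this thread); the function names and the sample ranges are constructed for illustration.

```python
import ipaddress

CHAIN = "RH-Firewall-1-INPUT"  # chain name taken from the reply above

# Constructed sample list (documentation/test networks, not real country data).
SAMPLE_LIST = """\
# constructed sample
192.0.2.0/25
192.0.2.128/25
198.51.100.7/24
203.0.113.0/24
203.0.113.64/26
not-a-network
"""

def parse_blocks(text):
    """Return (collapsed IPv4 networks, rejected lines) from a CIDR-per-line list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=False masks host bits, so 198.51.100.7/24 -> 198.51.100.0/24
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(line)  # never pass unvalidated text to iptables
    # iptables handles IPv4 only; merging adjacent/overlapping ranges keeps
    # the chain short, which matters because every rule is checked per packet.
    v4 = [n for n in nets if n.version == 4]
    return list(ipaddress.collapse_addresses(v4)), rejected

def ssh_drop_rules(networks, chain=CHAIN, port=22):
    """Build one iptables command per network, inserted at the top of the chain."""
    return [
        f"iptables -I {chain} 1 -s {net} -p tcp --dport {port} -j DROP"
        for net in networks
    ]

if __name__ == "__main__":
    networks, rejected = parse_blocks(SAMPLE_LIST)
    for bad in rejected:
        print(f"# skipped unparseable entry: {bad}")
    for rule in ssh_drop_rules(networks):
        print(rule)
```

The script only prints the commands, so the output can be reviewed before it is run as root; rules inserted this way are lost when iptables restarts, as the reply notes.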