One other method I have sucessfully used / am using is to change the port number of the service being attacked. If we are talking about ssh this can be done in the /etc/ssh/sshd_config file by changing / adding a Port xxxx line to the file.
I hope this helps you it has drastically decreased the number of people trying to break down my front door. --Jeff Means MeansPC - Custom Web Development for your needs.
CentOS mailing list centos@centos.org wrote:
On Sun, 2005-08-21 at 17:03 -0500, Jerry Geis wrote:
I have quite a few entries in /var/log/messages for connection attempts. Is there anything other than ignoring them I can do? Example is below.
There are a number of scripts (some Perl, some Python) out there to monitor the log and add an entry in hosts.deny to block any further attempts from the offending IP when too many failed password attempts are noted. You can find them with some "googling".
I am using a modified one to stop these breakin attempts on my servers.
Aug 21 15:48:19 machine sshd(pam_unix)[17903]: check pass; user unknown Aug 21 15:48:19 machine sshd(pam_unix)[17903]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=wsip-24-234-149-156.lv.lv.cox.net
THanks,
Jerry
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Rich Huff rich@richhuff.com
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos