[CentOS] Defending against simultaneous attacks
John Summerfield
debian at herakles.homelinux.org
Fri Feb 16 22:32:17 UTC 2007
Mohd Syakir wrote:
> Hi,
>
> I have one CentOS 4.3 box, exposed to the internet.
> Since several weeks ago, I have found numerous attempts to connect through
> SSH, but they failed.
>
> They tried with many usernames, including root.
> They come from different IPs. Some of them are foreign websites.
>
> How do I make my CentOS become smarter in handling this kind of attack?
>
> Even though I've disabled all the user accounts, left only the admin
> accounts, and made the password so hard, longer and combining alphabet,
> numbers and characters... yet I don't want the attackers to keep on
> trying.
>
> Any suggestions?
I don't need to connect from many places, so this helps:
summer at coco:~$ grep -i ss /etc/hosts.*[wy]
/etc/hosts.allow:sshd: 192.168. 203.34. 220.235. 203.59. 203.55. 203.33. 202.72. 203.15.140. 203.33
/etc/hosts.deny:sshd: ALL
summer at coco:~$
In fact, it works so well I get hardly any.
You can also use iptables to limit the rate at which connexions are
accepted; they tend to go away when things time out.
--
Cheers
John
Please do not reply off-list
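
Added example, not part of the original post: a simplified shell model of the hosts.allow / hosts.deny lookup shown in the reply above, for checking which client addresses would still reach sshd before tightening the rules. The rule strings use constructed documentation addresses, and the function names rules_match and sshd_access are hypothetical.

```shell
#!/bin/sh
# Simplified model of the tcp_wrappers lookup for sshd: hosts.allow is
# consulted first, then hosts.deny, and access is granted if neither matches.
# Only three client pattern forms are handled: ALL, a prefix ending in "."
# and an exact address. Netmasks, hostnames and EXCEPT are not modelled.

# Constructed sample rules (documentation address ranges, not from the post).
ALLOW_RULES='sshd: 192.168. 198.51.100. 203.0.113.7'
DENY_RULES='sshd: ALL'

# rules_match RULES IP -> status 0 if any sshd client pattern matches IP
rules_match() {
    printf '%s\n' "$1" | (
        set -f                      # patterns are literal text, never globs
        while IFS= read -r line; do
            case $line in sshd:*) ;; *) continue ;; esac
            for pat in ${line#sshd:}; do
                case $pat in
                    ALL) exit 0 ;;
                    *.)  case $2 in "$pat"*) exit 0 ;; esac ;;  # trailing dot: prefix
                    *)   [ "$pat" = "$2" ] && exit 0 ;;         # no dot: exact only
                esac
            done
        done
        exit 1
    )
}

# sshd_access IP -> prints "allow" or "deny" for that client address
sshd_access() {
    if rules_match "$ALLOW_RULES" "$1"; then echo allow
    elif rules_match "$DENY_RULES" "$1"; then echo deny
    else echo allow                 # neither file matched: access is granted
    fi
}

# Check the addresses you administer from before applying the deny rule.
for ip in 192.168.1.20 198.51.100.9 203.0.113.7 203.0.113.8 192.0.2.44; do
    printf '%-14s %s\n' "$ip" "$(sshd_access "$ip")"
done
```

A pattern written without the trailing dot is compared as a whole address, so it does not act as a network prefix.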