[CentOS] Re: Defending againts simultanious attacks

Thu Feb 15 18:03:06 UTC 2007
Scott Silva <ssilva at sgvwater.com>

Mohd Syakir spake the following on 2/15/2007 5:02 AM:
> Hi,
> 
> i have one centos 4.3 box, exposed to the internet.
> since several weeks ago, i found numerous attemps to connect through
> SSH, but failed.
> 
> they tried with many username, including root.
> it's comes from different IP. some of them are foreign website.
> 
> How do i make my centos become smarter in handling this kind of attacks.
> 
> eventhough i've disable all the user accounts, left only the admin
> accounts. making the password so hard, longer and combining alphabet,
> numbers and characters... yet i dont want the attackers keep on
> trying.
> 
> any suggestions?
> 
> thanks in advance.
You can try fail2ban.
Atrpm's has a binary.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!