> > they tried with many username, including root. > it's comes from different IP. some of them are foreign website. > > How do i make my centos become smarter in handling this kind > of attacks. > > eventhough i've disable all the user accounts, left only the > admin accounts. making the password so hard, longer and > combining alphabet, numbers and characters... yet i dont want > the attackers keep on trying. > > any suggestions? > Just do what you are doing. Keep only essential accounts active, set strong passwords. Keep up-to-date on patches. There are tonnnes of people that will scan your machine that is connected to the internet. As another person said, you can use some scripting along with IPTables to auto-block some people..if you know exactly where you will be SSH'ing in from..setup IPTables to only allow that address to SSH in. If you are looking for something to play with..hmm..: -port knocking -two factor authentication -denyhosts script previously mentioned -just don't open SSH to the world Mike