Mohd Syakir wrote: > Hi, > > i have one centos 4.3 box, exposed to the internet. > since several weeks ago, i found numerous attemps to connect through > SSH, but failed. > > they tried with many username, including root. > it's comes from different IP. some of them are foreign website. > > How do i make my centos become smarter in handling this kind of attacks. > > eventhough i've disable all the user accounts, left only the admin > accounts. making the password so hard, longer and combining alphabet, > numbers and characters... yet i dont want the attackers keep on > trying. > > any suggestions? I don't need to connect from many places, so this helps: summer at coco:~$ grep -i ss /etc/hosts.*[wy] /etc/hosts.allow:sshd: 192.168. 203.34. 220.235. 203.59. 203.55. 203.33. 202.72. 203.15.140. 203.33 /etc/hosts.deny:sshd: ALL summer at coco:~$ In fact, it works so well I get hardly any. You can also use iptables to limit the rate at which connexions are accepted; they tend to go away when things time out. -- Cheers John -- spambait 1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu Please do not reply off-list