Easiest way with CentOS on-board tools is the iptables recent module ... simply limit the amount of connections a host is allowed to the ssh port

    iptables -N SSHSCAN
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
    iptables -A SSHSCAN -m recent --set --name SSH
    iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP

limits each host to 3 connections within 5 minutes. Enough to make bots stop and still not too annoying for users that mistype their password 3x3 times

On Mon, Jul 21, 2008 at 10:43 PM, Bo Lynch <blynch at ameliaschools.com> wrote:

> just wanted to get some feedback from the community. Over the last few
> days I have noticed my web server and email box have attempted to ssh'd to
> using weird names like admin, appuser, nobody, etc. None of these are
> valid users. I know that I can block sshd altogether with iptables but
> that will not work for us. I did a little research on Google and found
> programs like sshguard and sshdfilter. Just wanted to know if anyone had
> any experience with anything like these programs or have any other advice.
> I really appreciate it.
>
> --
> Bo Lynch
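An added example, not part of the original message: a simplified Python model of how the two SSHSCAN rules above count NEW connections per source address, run over constructed timestamps. The `MAX_STAMPS` value (the recent module's default `ip_pkt_list_tot` of 20), the function name and the sample addresses are assumptions of the example. In this model the third NEW connection inside the 300-second window is the first one dropped, and a source that keeps retrying stays dropped because each match refreshes its entry.

```python
# Simplified model (an assumption, not kernel code) of the SSHSCAN chain:
#   -m recent --set --name SSH
#   -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP
from collections import defaultdict

SECONDS = 300     # --seconds 300
HITCOUNT = 3      # --hitcount 3
MAX_STAMPS = 20   # default ip_pkt_list_tot: timestamps kept per address


def run_sshscan(events, seconds=SECONDS, hitcount=HITCOUNT):
    """events: (time_in_seconds, source_ip) tuples sorted by time.
    Returns a list of (time, source_ip, verdict) for each NEW connection."""
    stamps = defaultdict(list)   # the "SSH" list: source -> recent timestamps
    verdicts = []
    for now, src in events:
        seen = stamps[src]
        # Rule 1: --set always matches and records this packet first.
        seen.append(now)
        # Rule 2: count recorded hits inside the window, current one included.
        hits = sum(1 for t in seen if now - t <= seconds)
        if hits >= hitcount:
            seen.append(now)      # --update refreshes the entry when it matches
            verdict = "DROP"
        else:
            verdict = "RETURN"    # end of chain, evaluation continues in INPUT
        del seen[:-MAX_STAMPS]    # only the newest timestamps are kept
        verdicts.append((now, src, verdict))
    return verdicts


# Constructed sample traffic: a scanner that keeps retrying, and a normal user.
SAMPLE = [
    (0, "203.0.113.7"), (5, "198.51.100.20"), (10, "203.0.113.7"),
    (20, "203.0.113.7"), (250, "203.0.113.7"), (400, "198.51.100.20"),
    (500, "203.0.113.7"), (750, "203.0.113.7"), (1100, "203.0.113.7"),
]

if __name__ == "__main__":
    for when, src, verdict in run_sshscan(SAMPLE):
        print(f"t={when:>5}s  {src:<15} {verdict}")
```

Passing `hitcount=4` to `run_sshscan` shows the first three connections in a window returning to INPUT and the fourth being dropped.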