[CentOS] Ideas for stopping ssh brute force attacks

Mon Jul 21 21:16:56 UTC 2008
Rob Townley <rob.townley at gmail.com>

On Mon, Jul 21, 2008 at 4:11 PM, Dan Carl <danc at bluestarshows.com> wrote:

>
>
> > -----Original Message-----
> > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org]On
> > Behalf Of Bo Lynch
> > Sent: Monday, July 21, 2008 3:43 PM
> > To: centos at centos.org
> > Subject: [CentOS] Ideas for stopping ssh brute force attacks
> >
> >
> > just wanted to get some feedback from the community. Over the last few
> > days I have noticed my web server and email box have attempted to ssh'd
> to
> > using weird names like admin,appuser,nobody,etc.... None of these are
> > valid users. I know that I can block sshd all together with iptables but
> > that will not work for us. I did a little research on google and found
> > programs like sshguard and sshdfilter. Just wanted to know if anyone had
> > any experience with anything like these programs or have any other
> advice.
> > I really appreciate it.
> >
> > --
> > Bo Lynch
> >
> Just change the default port.
> You can also limit the allowed nocks on door with iptables, but changing
> the
> port is much eaieer.
> Cleans up the logs real nice.
> Dan
>
>
>
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> >
> >
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



PortKnocking - ports appear closed until the correct knock on the ports.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080721/68913734/attachment-0005.html>