Bowie Bailey wrote:
> Bo Lynch wrote:
>
>> just wanted to get some feedback from the community. Over the last few
>> days I have noticed my web server and email box have had attempts to
>> ssh to them using weird names like admin, appuser, nobody, etc. None of
>> these are valid users. I know that I can block sshd altogether with
>> iptables but that will not work for us. I did a little research on
>> Google and found programs like sshguard and sshdfilter. Just wanted
>> to know if anyone had any experience with anything like these
>> programs or has any other advice. I really appreciate it.
>>
>
> The simplest thing is to change the port. I know it's "security through
> obscurity", but it works well and can be used along with whatever other
> security enhancements you care to use.
>

By changing the ports on all our servers to a high (above 1024) port, we have eliminated SSH scans altogether - been running like that for a few years now without any problems. I also add a small script in /etc/profile to email me when someone logs in via SSH, since only a few privileged people should use SSH altogether.

--
Kind Regards
Rudi Ahlers

Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff
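A login-notification script of the kind mentioned in the reply above could look like the following. This is an added example, not the poster's own script; the file name, the `ALERT_TO` address and the function names are hypothetical, and it assumes `mail(1)` is installed on the server.

```shell
# /etc/profile.d/ssh-login-notify.sh (hypothetical name), sourced by login shells.
# ALERT_TO is a placeholder address; replace it with the admin mailbox.
ALERT_TO="${ALERT_TO:-root@localhost}"

# Build the notice body from the variables sshd exports into the session.
# SSH_CONNECTION holds "client_ip client_port server_ip server_port".
ssh_login_notice() {
    # Positional parameters are local to the function, so this split
    # does not disturb the shell that sources the file.
    set -- ${SSH_CONNECTION:-}
    printf 'host: %s\nuser: %s\nfrom: %s port %s\nto:   %s port %s\ntty:  %s\ntime: %s\n' \
        "$(uname -n)" "$(id -un)" \
        "${1:-unknown}" "${2:-unknown}" \
        "${3:-unknown}" "${4:-unknown}" \
        "${SSH_TTY:-none}" "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
}

# Send the notice, but only for SSH sessions and only if mail(1) exists.
# Never use "exit" here: the file is sourced, so exit would end the login.
ssh_login_notify() {
    [ -n "${SSH_CONNECTION:-}" ] || return 0          # console or su login
    command -v mail >/dev/null 2>&1 || return 0       # no mail client: stay quiet
    ssh_login_notice | mail -s "SSH login: $(id -un)@$(uname -n)" "$ALERT_TO"
}

ssh_login_notify
```

Because /etc/profile is read only by login shells, sessions that run a single remote command or use scp/sftp do not trigger this notice, so it complements the sshd authentication log rather than replacing it.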