Trey Sizemore wrote:
> On Fri Mar 28, 2008 07:47PM, Rudi Ahlers wrote:
>
>> Ray Leventhal wrote:
>>
>>> James A. Peltier wrote:
>>>
>>>> Rudi Ahlers wrote:
>>>>
>>>>> Tim Alberts wrote:
>>>>>
>>>>>> So I set up ssh on a server so I could do some work from home and
>>>>>> I think the second I opened it every sorry monkey from around the
>>>>>> world has been trying every account name imaginable to get into
>>>>>> the system.
>>>>>>
>>>>>> What's a good way to deal with this?
>>>>>>
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS at centos.org
>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>
>>>>> 1. Change the default port
>>>>> 2. Use only SSH protocol 2
>>>>> 3. Install some brute force protection which can automatically ban
>>>>> an IP on say 5 / 10 failed login attempts
>>>>> 4. ONLY allow SSH access from your IP, if it's static. Or sign up
>>>>> for a DynDNS account, and then only allow SSH access from your
>>>>> DynDNS domain
>>>>>
>>>> Fail2Ban is a good brute force protector. It works in conjunction
>>>> with IPTables to block IPs that are "attacking" for a said duration
>>>> of time. :)
>>>>
>>> I haven't used Fail2Ban, but I do like what I've been experiencing
>>> with apf[1] and sim[2]. The Reactive Address Blocking (RAB) feature
>>> in apf is a big timesaver, but I expect Fail2Ban has something
>>> similar. apf is basically an easier way (for me, anyway) of managing
>>> iptables. Manually banning an IP or block is as easy as adding it to
>>> the deny_hosts.rules file and restarting apf. RAB really helps, again
>>> imo.
>>>
>>> HTH,
>>> -Ray
>>> [1] http://rfxnetworks.com/apf.php
>>> [2] http://rfxnetworks.com/sim.php
>>>
>> Here's a quick howto for Suse10.3, but the principles stay the same.
>> Fail2Ban can be used for many other things as well, like FTP, MySQL,
>> SMTP, etc :)
>>
>
> I don't see the how-to...
>

Sorry, here it is http://howtoforge.net/fail2ban_opensuse10.3

-- 

Kind Regards
Rudi Ahlers
CEO, SoftDux

Web: http://www.SoftDux.com
Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
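
The ban-after-N-failures idea discussed in this thread (point 3 of the list, which is what Fail2Ban automates), as an added example that is not part of the original messages and not Fail2Ban's own code: it scans sshd log lines and returns the addresses that reach `maxretry` failures within `findtime` seconds. The function name `find_bans`, the `year` default and the sample log (documentation-range addresses) are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines for the example; not taken from the thread.
SAMPLE_LOG = """\
Mar 28 19:40:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40110 ssh2
Mar 28 19:40:03 host sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Mar 28 19:40:06 host sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Mar 28 19:41:10 host sshd[2107]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 28 19:41:30 host sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 40120 ssh2
Mar 28 19:41:31 host sshd[2110]: Accepted password for alice from 198.51.100.20 port 51004 ssh2
Mar 28 19:42:02 host sshd[2112]: Failed password for invalid user guest from 203.0.113.7 port 40123 ssh2
"""

# Anchored at both ends: the address is always read from the tail of the
# line that sshd writes, never from the free-text username field.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\d+\.\d+\.\d+\.\d+) port \d+ ssh2$")

def find_bans(log_text, maxretry=5, findtime=600, year=2008):
    """Return IPs with >= maxretry failures inside a findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    banned = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so one is assumed (parameter)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop failures older than the window
            hits.popleft()
        if len(hits) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```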